Security: Explicitly define IFS to prevent misuse.

The scripts are written with certain expectations.
This expectation may not be properly met if the `IFS` value is changed.
This can potentially be used to create some sort of exploit.

Explicitly define IFS and then do so at a local variable scope to prevent affecting the callers IFS setting.

diff --git a/install.sh b/install.sh
index 5c0f0627e7d8e1f1eecdaaa0eda6521dbbd43ae0..f1a13f3db8f640950540a7df60f191a1ccdc58bb 100755 (executable)
--- a/install.sh
+++ b/install.sh
@@ -14,6 +14,7 @@
 #
 
 install_main() {
+  local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 
   if [[ ${SHELL_ENGINE} == "zsh" ]] ; then
     emulate ksh