This prevents abusive behavior if the `IFS` is changed.
The individual functions might be called in an environment that changes.
Therefore, each function must set the `IFS`.
# a function to simplify load management
tkis_source_file(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
if [ ! -f $1 ] ; then
echo -e "${color_error}ERROR: Missing or Cannot Access $1$color_reset" 1>&2
exit 1
}
tkis_command_line(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
# first look for only -l, to see if the color needs to be light
for i in $2 ; do
if [[ $i == "-l" || $i == "--light" ]] ; then
}
tkis_main(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
local tkis_version="1.2.0"
local tkis_install_program=$(basename $0)
local tkis_path=$(echo $0 | sed -e "s|scripts/$tkis_install_program$||")
}
bootstrap_check() {
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
local bootstrap_needed=
if [[ $(type -p fss_basic_read) == "" || $(type -p fss_basic_list_read) == "" ]] ; then
# distributions are specific to their file and can be directly called without searching
tkis_load_distribution_list(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
debug "Searching For List: $1 inside of ${DI}$tkis_distribution"
local found_list=$(grep -s "^[[:space:]]*$1:[[:space:]]*$" ${DI}$tkis_distribution)
}
tkis_install_distribution(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
echo
echo -e "${color_title}Turtle Kevux Installation Scripts${color_reset}"
echo -e " ${color_notice}Installing Distribution:${color_reset} ${color_notice}$tkis_distribution${color_reset}"
fi
let dist_current=$dist_current+1
-
+
if [[ $dist_current -lt $list_size ]] ; then
# save the next spot so resume can work properly
echo $dist_current > $tkis_resume_distribution
#!/bin/bash
tkis_handle_documentation(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
local doc_type=${1}
local classification=${2}
local documentation=$(echo ${*} | sed -e "s|^${doc_type}[[:space:]]*${classification}[[:space:]]*||")
# directly process all given information as a single command
# 1 = command to execute
tkis_execute(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
if [[ $1 == "" ]] ; then
error "tkis_execute(): command name not supplied while trying to process $color_reset$color_notice$rule_name$color_reset$color_error on line #$color_reset$color_notice$current$color_reset$color_error with $color_reset$color_notice$tkis_process$color_reset$color_error for $color_reset$color_notice$program_name"
fi
debug "executing: tkis_get_patches $1 $2 $3"
tkis_get_patches $1 $2 $3
-
+
mkdir -p $tkis_data
debug "found the following patches: $PATCHES"
else
debug "$WO$1-$2 does not exist and therefore the cleanup of that directory is being skipped"
fi
-
+
if [ -f ${tkis_data}patched.$tkis_process.$1 ] ; then
debug "executing: rm -Rf ${tkis_data}patched.$tkis_process.$1"
rm -Rf ${tkis_data}patched.$tkis_process.$1
# 1 = program name, 2 = version number, 3 (optional) = extraction point
tkis_extract(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
if [[ $1 == "" ]] ; then
error "tkis_extract(): program name not supplied"
fi
if [[ $(echo $archive | grep -s " ") != "" ]] ; then
warning "You see to have multiple copies, remove the additional one to continue: $color_reset$color_notice$archive$color_reset${color_warning}, using the first occurance"
archive=$(echo $archive | awk '{ print $1 }')
- fi
+ fi
tar --no-same-permissions --no-same-owner -xf $archive -C $dest
# will store the version number inside of VERSION if one is found
# 1 = program name
tkis_get_version(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
if [[ $1 == "" ]] ; then
error "tkis_get_version(): program name not supplied"
fi
}
tkis_process_version(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
VERSION=$version
SUBVERSION=$(echo $version | grep -o "^[[:alnum:]_-]*\.[[:alnum:]_-]*\.[[:alnum:]_-]*")
MICVERSION=$(echo $version | grep -o "^[[:alnum:]_-]*\.[[:alnum:]_-]*")
# will store the version number inside of PATCHES for all patches found
# 1 = program name, 2 = version number 3 = subversion number
tkis_get_patches(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
if [[ $1 == "" ]] ; then
error "tkis_get_patches(): program name not supplied"
fi
# this is a get_version that rules are allowed to directly call
tkis_local_get_version(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
local old_version=$VERSION
local old_subversion=$SUBVERSION
LOCAL_VERSION=
# If a script requires the use of certain non-standard parameters that may or may not be defined, make sure they get defined
tkis_local_require(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
for i in $* ; do
if [[ $(eval "echo \$$i") == "" ]] ; then
echo -e "${color_warning}The variable $color_reset$color_notice$i$color_reset$color_warning is not defined, define it now:$color_reset"
# 1 = message
error(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
echo -e "${color_error}ERROR: $1${color_reset}" 1>&2
- mkdir -p $tkis_output
+ mkdir -p $tkis_output
if [ -d $WO ] ; then
if [[ $tkis_process == "" ]] ; then
# 1 = message
warning(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
echo -e "${color_warning}WARNING: $1${color_reset}"
- mkdir -p $tkis_output
+ mkdir -p $tkis_output
if [ -d $WO ] ; then
if [[ $tkis_process == "" ]] ; then
# 1 = message
debug(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
if [[ $tkis_print_debug == "yes" ]] ; then
echo -e "${color_notice}DEBUG:$color_reset $1"
- mkdir -p $tkis_output
+ mkdir -p $tkis_output
if [ -d $WO ] ; then
if [[ $tkis_process == "" ]] ; then
}
echoit(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
if [[ $tkis_silent != "true" ]] ; then
echo -e "$color_important$*$color_reset"
fi
}
notice(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
if [[ $tkis_silent != "true" ]] ; then
echo -e "$color_highlight$*$color_reset"
fi
# this is a quick and dirty implementation, nothing fancy, and nowhere near as good as it could be
tkis_print_environment(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
local environment_file=${tkis_data}environment
if [[ $tkis_process != "" ]] ; then
# a quick and simple implementation, nothing fancy so clock skews will mess this up
tkis_calculate_time(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
if [[ $tkis_output != "" ]] ; then mkdir -p $tkis_output ; fi
local stop_time_second=
#!/bin/bash
tkis_package(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
local version_override=$1
local program_name=$2
local rule_name=$3
# do not allow rules to directly call most/all internal tkis functions
# do not allow rules to redefine local variables used by tkis
tkis_security_check(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
local insecure_call=
if [[ $(echo $1 | grep -s "^[[:space:]]*tkis_source_file\>") != "" ]] ; then
# do not allow rules to directly define their own variables so that they cannot work around the rule checks
tkis_deny_private_variables(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
local insecure_action=
if [[ $(echo $1 | grep -s "^[[:space:]]*set[[:space:]]") != "" ]] ; then
# prevent the most dangerous command to run as root
tkis_security_check_remove(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
local oh_shit=
# check as many possible ways to remove / as I can think of
# prevent very dangerous commands to run as root outside of chroot
# check for removal of /bin /boot /dev /etc /home /lib /mnt /proc /sys /tmp /toolchain /var /usr (against the host system)
tkis_security_check_host_remove(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
local oh_shit=
for i in bin boot dev etc home lib mnt proc sys tmp toolchain var usr documentation ; do
# make sure our global variables exist and are defined, otherwise generate an error so that unsafe transactions do not occur
tkis_confirm_global_settings(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
if [[ $tkis_path == "" ]] ; then
error "$color_reset${color_notice}tkis_path$color_reset$color_error is not and should be defined by the install program"
fi
#!/bin/bash
tkis_single_execution(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
local program_name=$1
local rule_name=$2
fi
if ! [ -f $RU$tkis_process/$program_name ] ; then
- error "tkis_single_execution(): The rule $color_reset$color_notice$RU$tkis_process/$program_name$color_error is missing or cannot be accessed"
+ error "tkis_single_execution(): The rule $color_reset$color_notice$RU$tkis_process/$program_name$color_error is missing or cannot be accessed"
fi
if [ -f $system_version_file ] ; then
#!/bin/bash
tkis_prepare(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
if [[ $tkis_command != "wipe" && $tkis_command != "complete-clean" ]] ; then
if [[ $tkis_process == "" ]] ; then
}
tkis_install_system(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
debug "Processing preparation commands"
tkis_prepare
}
tkis_system(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
local start_time_day=
local start_time_hour=
local start_time_minute=
# tkis_local_pop will do nothing for a user by hand
tkis_local_pop(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
echo
}
tkis_local_push(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
if [[ $1 == "" ]] ; then
echo "tkis_local_push(): first parameter is empty and should be either absolute, program, or work"
sleep 2
}
tkis_local_get_version(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
echo "tkis_local_get_version(): Please export LOCAL_VERSION=VERSION_OF_THE_PROGRAM, where the program is '$1' and VERSION_F_THE_PROGRAM is the version of '$1' to be used"
sleep 2
return 1
# If a script requires the use of certain non-standard parameters that may or may not be defined, make sure they get defined
tkis_local_require(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
for i in $* ; do
if [[ $(eval "echo \$$i") == "" ]] ; then
echo "The variable $i is not defined, define it now:"
#!/bin/bash
tkis_upgrade(){
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
+
local program_name=$1
local version=$2
local rule_name=$3
fi
if ! [ -f $RU$list_filename/$program_name ] ; then
- error "tkis_upgrade(): The rule $color_reset$color_notice$RU$list_filename/$program_name$color_error is missing or cannot be accessed"
+ error "tkis_upgrade(): The rule $color_reset$color_notice$RU$list_filename/$program_name$color_error is missing or cannot be accessed"
fi
if [[ $(grep -s "^[[:space:]]*$version:[[:space:]]*$" $RU$list_filename/$program_name) != "" ]] ; then
projects / tkis / commitdiff