From edcfdda80c9141de4c65f15f4c7871806bbfa007 Mon Sep 17 00:00:00 2001
From: Kevin Day
Date: Thu, 5 Jun 2025 21:45:25 -0500
Subject: [PATCH] Security: Explicitly define IFS to prevent misuse.

The scripts are written with certain expectations. This expectation may not be properly met if the `IFS` value is changed. This can potentially be used to create some sort of exploit. Explicitly define IFS and then do so at a local variable scope to prevent affecting the callers IFS setting.
---
 install.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/install.sh b/install.sh
index 5c0f062..f1a13f3 100755
--- a/install.sh
+++ b/install.sh
@@ -14,6 +14,7 @@
 #
 install_main() {
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 if [[ ${SHELL_ENGINE} == "zsh" ]] ; then
 emulate ksh
-- 
1.8.3.1
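Review bot: The trailing comment on the added `local IFS=$' \t\n'` line says only "Prevent IFS exploits", which does not tell a maintainer what the line protects or how far that protection reaches. In bash a `local` is visible to the function and to everything it calls, so this covers `install_main` and its callees but not statements that run outside it, if install.sh has any in the part not shown here. I would reword the comment to `# Reset IFS to space, tab, newline for install_main and its callees so an IFS inherited from the caller cannot change word splitting or read.` The body of `install_main` continues outside the hunk, so whether unquoted expansions further down still rely on splitting cannot be judged from these lines; resetting IFS narrows that risk but does not replace quoting.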