From 29031e637873a16b6b69f413beb1fc865c8585d2 Mon Sep 17 00:00:00 2001
From: Kevin Day
Date: Thu, 5 Jun 2025 21:43:35 -0500
Subject: [PATCH] Security: Explicitly define IFS to prevent misuse.

The scripts are written with certain expectations. This expectation may not be properly met if the `IFS` value is changed. This can potentially be used to create some sort of exploit. Explicitly define IFS and then do so at a local variable scope to prevent affecting the callers IFS setting.
---
 install.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/install.sh b/install.sh
index c8972d1..fb971b5 100755
--- a/install.sh
+++ b/install.sh
@@ -14,6 +14,7 @@
 #
 install_main() {
+ local IFS=$' \t\n' # Prevent IFS exploits by overriding with a local scope.
 if [[ ${SHELL_ENGINE} == "zsh" ]] ; then
 emulate ksh
@@ -877,4 +878,4 @@ install_cleanup() {
 unset install_cleanup
 }
-install_main $*
+install_main ${*}
--
1.8.3.1
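Review bot: The `local IFS` added at the top of `install_main` only covers code that runs inside this function and the functions it calls; anything evaluated at file scope, including the argument expansion at the call site at the bottom of the file, still runs under the inherited value. The trailing comment would serve the next maintainer better if it named what depends on the default, for example `# Unquoted expansions below assume space/tab/newline splitting; pin IFS locally so a caller's value cannot change it.` The body of install_main continues outside the hunk, so whether a later helper reassigns IFS cannot be confirmed from here.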
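Review bot: `install_main ${*}` is still an unquoted expansion, and `${*}` behaves exactly like `$*`, so this line remains dependent on IFS. In bash the arguments are re-split, and glob-expanded, using the IFS in effect at file scope, which is evaluated before the `local IFS` inside install_main applies. If the script is sourced by a caller with a modified IFS, which the commit message appears to anticipate, argument boundaries can still shift at this point. Passing the parameters through unchanged with `install_main "$@"` removes the dependency on IFS, provided install_main does not rely on its arguments being re-split.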