mirror of
https://https.git.savannah.gnu.org/git/bash.git
synced 2026-06-21 21:07:57 +02:00
Chet Ramey
32 lines
1.0 KiB
Plaintext
32 lines
1.0 KiB
Plaintext
# if we are worried somehow about inheriting a function for unset or exec,
|
|
# set posix mode, then unset it later
|
|
POSIXLY_CORRECT=1
|
|
|
|
# make sure to run with bash -p to prevent inheriting functions. you can
|
|
# do this (if the script does not need to run setuid) or use the
|
|
# POSIXLY_CORRECT setting above (as long as you run set +o posix as done below)
|
|
#case $SHELLOPTS in
|
|
#*privileged*) ;;
|
|
#*) \exec /bin/bash -p $0 "$@" ;;
|
|
#esac
|
|
|
|
# unset is a special builtin and will be found before functions; quoting it
|
|
# will prevent alias expansion
|
|
# add any other shell builtins you're concerned about
|
|
\unset -f command builtin unset shopt set unalias hash
|
|
\unset -f read true exit echo printf
|
|
|
|
# remove all aliases and disable alias expansion
|
|
\unalias -a
|
|
\shopt -u expand_aliases
|
|
|
|
# and make sure we're no longer running in posix mode
|
|
set +o posix
|
|
|
|
# get rid of any hashed commands
|
|
hash -r
|
|
|
|
# if you're concerned about PATH spoofing, make sure to have a path that
|
|
# will find the standard utilities
|
|
#PATH=$(command getconf -p getconf PATH):$PATH
|