File: secure-script

package info (click to toggle)
bash 5.3~rc2-1
  • links: PTS
  • area: main
  • in suites: experimental
  • size: 41,548 kB
  • sloc: ansic: 134,239; sh: 8,866; yacc: 5,962; makefile: 4,696; perl: 4,105; asm: 48; awk: 23; sed: 16
file content (31 lines) | stat: -rw-r--r-- 1,035 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# if we are worried somehow about inheriting a function for unset or exec,
# set posix mode, then unset it later
POSIXLY_CORRECT=1

# make sure to run with bash -p to prevent inheriting functions. you can
# do this (if the script does not need to run setuid) or use the
# POSIXLY_CORRECT setting above (as long as you run set +o posix as done below)
#case $SHELLOPTS in
#*privileged*)	;;
#*)	\exec /bin/bash -p $0 "$@" ;;
#esac

# unset is a special builtin and will be found before functions; quoting it
# will prevent alias expansion
# add any other shell builtins you're concerned about
\unset -f command builtin unset shopt set unalias hash
\unset -f read true exit echo printf

# remove all aliases and disable alias expansion
\unalias -a
\shopt -u expand_aliases

# and make sure we're no longer running in posix mode
set +o posix

# get rid of any hashed commands
hash -r

# if you're concerned about PATH spoofing, make sure to have a path that
# will find the standard utilities
#PATH=$(command getconf -p getconf PATH):$PATH