1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
# if we are worried somehow about inheriting a function for unset or exec,
# set posix mode, then unset it later
POSIXLY_CORRECT=1
# make sure to run with bash -p to prevent inheriting functions. you can
# do this (if the script does not need to run setuid) or use the
# POSIXLY_CORRECT setting above (as long as you run set +o posix as done below)
#case $SHELLOPTS in
#*privileged*) ;;
#*) \exec /bin/bash -p $0 "$@" ;;
#esac
# unset is a special builtin and will be found before functions; quoting it
# will prevent alias expansion
# add any other shell builtins you're concerned about
\unset -f command builtin unset shopt set unalias hash
\unset -f read true exit echo printf
# remove all aliases and disable alias expansion
\unalias -a
\shopt -u expand_aliases
# and make sure we're no longer running in posix mode
set +o posix
# get rid of any hashed commands
hash -r
# if you're concerned about PATH spoofing, make sure to have a path that
# will find the standard utilities
#PATH=$(command getconf -p getconf PATH):$PATH
|
