explicit_path.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

diff --git a/tessen b/tessen
index 609ed09..bfeacf2 100755
--- a/tessen
+++ b/tessen
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/bash
 # SPDX-License-Identifier: GPL-2.0-only
 # Copyright (C) 2021-2022 Ayush Agarwal <ayushnix at fastmail dot com>
 #
@@ -7,6 +7,9 @@
 # tessen - a data selection interface for pass and gopass on Wayland
 # ------------------------------------------------------------------------------
 
+# set the path explicitly to avoid executing arbitrary user owned binaries
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
 # don't leak password data if debug mode is enabled
 set +x