fix(installer): reject pathlike system binary names

Author: Dicklesworthstone

install.sh

@@ -113,6 +113,9 @@ acfs_early_system_binary_path() {
 
     [[ -n "$name" ]] || return 1
     case "$name" in
+        .|..)
+            return 1
+            ;;
         *[!A-Za-z0-9._+-]*)
             return 1
             ;;

packages/onboard/onboard.sh

@@ -110,6 +110,14 @@ onboard_system_binary_path() {
     local candidate=""
 
     [[ -n "$name" ]] || return 1
+    case "$name" in
+        .|..)
+            return 1
+            ;;
+        *[!A-Za-z0-9._+-]*)
+            return 1
+            ;;
+    esac
 
     for candidate in \
         "/usr/bin/$name" \

scripts/generated/internal_checksums.sh

@@ -8,19 +8,19 @@
 # Used by check-manifest-drift.sh to detect unauthorized changes.
 
 declare -gA ACFS_INTERNAL_CHECKSUMS=(
-  [scripts/lib/security.sh]="d82c1b79d17a0063e4d60cb12587f3550e25fa114a4261bd57bc350bcf297cad"
+  [scripts/lib/security.sh]="af50a0061f4cb3a1bb0a4ab429f1a586f64a7958945e6db9ace94b7fea37a315"
   [scripts/lib/agents.sh]="0d4e7666b7a7267203445c364ad2d4997775826175700627abe83c70afce2269"
-  [scripts/lib/update.sh]="3c227a7ffdef6eac06bca3fabce8777cfd75f4f536ed0f46c0e51ab6072f5153"
+  [scripts/lib/update.sh]="51d92e8ec9dfee9d0beb75d81fc5b9ff7760a4edd86a693031f9c17eb23f05fc"
   [scripts/lib/doctor.sh]="8b055f242330f1e9571bb25d006ff09cf1f8bcbe81ba07260959e37c1b0f9e2b"
   [scripts/lib/doctor_fix.sh]="074e8512b1b5cc6a6d27513d5463b585b0e5c35540180e58747793a7c67d3a6f"
-  [scripts/lib/autofix.sh]="ae7cc5e0b3af3f170d647945d3daee9a341c9276c270fe06895ab9aaf26ba805"
+  [scripts/lib/autofix.sh]="7d7bcc4a5695cee73f63826cef85fd436ba0eca682db0cb9264eacb1092a70a8"
   [scripts/lib/install_helpers.sh]="ee49bcf50aed0333d960ba87f85bfd1f4667cff7d47a3008a74e4d20ecff549e"
   [scripts/lib/logging.sh]="c0e719928a7e355806fb20c01b488df7e661f7eaa4a061aba6d1d4b059180cb5"
   [scripts/lib/state.sh]="5639f4ff56cd9050826339624c1b9538afe9776eefe60ab164de48e3b6ba28ac"
   [scripts/lib/session.sh]="d2d2b26109a6eb0fad6620c68fdc0bd5d1a75ae453a6c35112bd5665484c94f1"
-  [scripts/lib/os_detect.sh]="f374fd63535325b3e1945a1e879250dde6e6b1bf8778a22da66b3090e768ad48"
+  [scripts/lib/os_detect.sh]="5cc5c182d212d7ea76fd345f97e97d808aad5d7e8cb29736b03f88e2ad115889"
   [scripts/lib/errors.sh]="449a36db9f7dfd6706da6c372673b0e6c232c0295c9d8fffe9313e55ac7f584d"
-  [scripts/lib/user.sh]="4dd62cac3260b30895152dbf35356ef45a0addb5d07f61cbb3d6e457f527b248"
+  [scripts/lib/user.sh]="21b413c6f7b4e3395133efb7dda4fcceb31245a60b56135f939b0a89416b486e"
   [scripts/lib/tools.sh]="e2d48e800888b759245e66cc9d86d097d83bf10f6d3bd2fcd17ec4bddfec94e0"
   [scripts/lib/export-config.sh]="6280123436223b5708f506b0a18b83c64891f8ee55af93c5c513f7fb202b97e3"
   [scripts/acfs-global]="593829bc77d2f2e65f012fa09446937ae4620e0d85e3d5534f499bc7f507b596"

scripts/lib/autofix.sh

@@ -32,6 +32,14 @@ autofix_system_binary_path() {
     local candidate=""
 
     [[ -n "$name" ]] || return 1
+    case "$name" in
+        .|..)
+            return 1
+            ;;
+        *[!A-Za-z0-9._+-]*)
+            return 1
+            ;;
+    esac
 
     for candidate in \
         "/usr/bin/$name" \

scripts/lib/changelog.sh

@@ -77,6 +77,14 @@ changelog_system_binary_path() {
     local candidate=""
 
     [[ -n "$name" ]] || return 1
+    case "$name" in
+        .|..)
+            return 1
+            ;;
+        *[!A-Za-z0-9._+-]*)
+            return 1
+            ;;
+    esac
 
     for candidate in \
         "/usr/bin/$name" \

scripts/lib/cli_tools.sh

@@ -134,6 +134,14 @@ _cli_system_binary_path() {
     local candidate=""
 
     [[ -n "$name" ]] || return 1
+    case "$name" in
+        .|..)
+            return 1
+            ;;
+        *[!A-Za-z0-9._+-]*)
+            return 1
+            ;;
+    esac
 
     for candidate in \
         "/usr/bin/$name" \

scripts/lib/context.sh

@@ -72,6 +72,9 @@ context_system_binary_path() {
 
     [[ -n "$name" ]] || return 1
     case "$name" in
+        .|..)
+            return 1
+            ;;
         *[!A-Za-z0-9._+-]*)
             return 1
             ;;

scripts/lib/error_tracking.sh

@@ -58,6 +58,9 @@ error_tracking_system_binary_path() {
 
     [[ -n "$name" ]] || return 1
     case "$name" in
+        .|..)
+            return 1
+            ;;
         *[!A-Za-z0-9._+-]*)
             return 1
             ;;

scripts/lib/github_api.sh

@@ -178,6 +178,14 @@ _github_api_system_binary_path() {
     local candidate=""
 
     [[ -n "$name" ]] || return 1
+    case "$name" in
+        .|..)
+            return 1
+            ;;
+        *[!A-Za-z0-9._+-]*)
+            return 1
+            ;;
+    esac
 
     for candidate in \
         "/usr/bin/$name" \

scripts/lib/languages.sh

@@ -68,6 +68,14 @@ _lang_system_binary_path() {
     local candidate=""
 
     [[ -n "$name" ]] || return 1
+    case "$name" in
+        .|..)
+            return 1
+            ;;
+        *[!A-Za-z0-9._+-]*)
+            return 1
+            ;;
+    esac
 
     for candidate in \
         "/usr/bin/$name" \