commit 9b56647abc8dc33bf138d4b260b103c8d9265b7d
Author: Rémy Oudompheng <remy@archlinux.org>
Date:   Sun Apr 24 10:41:48 2011 +0200

    parsepkgbuild: run with sane PATH and redirect standard output
    
    In the current state, the script parsepkgbuild.sh would run with the
    default PATH, enabling it to run harmful commands. Standard input is
    redirected from /dev/null to prevent any interactive commands like
    read to block parsepkgbuild when run from an interactive shell.
    
    Signed-off-by: Rémy Oudompheng <remy@archlinux.org>

diff --git a/parsepkgbuild b/parsepkgbuild
index 5e219bb..8f882d4 100755
--- a/parsepkgbuild
+++ b/parsepkgbuild
@@ -5,7 +5,7 @@ mkdir -p /tmp/parsepkgbuild
 source /etc/makepkg.conf
 export CARCH
 
-export PATH=/tmp/parsepkgbuild
 PARSE_PKGBUILD_PATH=${PARSE_PKGBUILD_PATH:-/usr/share/namcap}
 
-exec /usr/bin/env -i /bin/bash --noprofile --norc -r "$PARSE_PKGBUILD_PATH"/parsepkgbuild.sh $1
+exec </dev/null
+exec /usr/bin/env -i PATH=/dummy /bin/bash --norc --noprofile -r "$PARSE_PKGBUILD_PATH"/parsepkgbuild.sh $1