ido: add --secure-path option

ido

@@ -46,6 +46,9 @@ Options:
   -V, --version                 display version information and exit
   --                            stop processing command line arguments
 
+ido specific options:
+  --secure-path=list            path used for every command run from ido
+
 iamroot specific options:
   --multiarch                   use multiarch library path in chroot
   --deflib=path                 default library path to use in chroot
@@ -198,6 +201,15 @@ do
 	then
 		shift
 		break
+	elif [[ "$1" =~ ^--secure-path$ ]]
+	then
+		shift
+		IDO_SECURE_PATH="$1"
+		export IDO_SECURE_PATH
+	elif [[ "$1" =~ ^--secure-path=.*$ ]]
+	then
+		IDO_SECURE_PATH="${1#*=}"
+		export IDO_SECURE_PATH
 	elif [[ "$1" =~ ^--multiarch$ ]]
 	then
 		IAMROOT_MULTIARCH="1"
@@ -438,7 +450,7 @@ IDO_UID="$UID" \
 IDO_GID="${GROUPS[0]}" \
 IDO_COMMAND="${command[*]}" \
 LOGNAME="${passwd[0]}" \
-PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \
+PATH="${IDO_SECURE_PATH:-/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin}" \
 USER="${passwd[0]}" \
 HOME="${HOME:-${passwd[5]}}" \
 SHELL="${shell:-${passwd[6]}}" \

ido.1.adoc

@@ -124,6 +124,11 @@ The options are as follows:
 	The **--** is used to delimit the end of the *ido* options. Subsequent
 	options are passed to the _command_.
 
+*ido specific options*
+
+*--secure-path*=_list_::
+	Path used for every command run from *ido*.
+
 *iamroot specific options*
 
 *--multiarch*::

tests/tests.bash

@@ -609,6 +609,15 @@ else
 fi
 echo
 
+run "ido: test option --secure-path /usr/local/bin:/usr/bin:/usr/bin sets path used for every command run from ido"
+if bash -x ido --secure-path /usr/local/bin:/usr/bin:/usr/bin env | grep "^PATH=/usr/local/bin:/usr/bin:/usr/bin$"
+then
+	ok
+else
+	ko
+fi
+echo
+
 run "ido: test option --multiarch uses multiarch library path in chroot"
 if ido --multiarch env | grep "^IAMROOT_MULTIARCH=1$"
 then