diff --git a/variables.c b/variables.c
--- a/variables.c
+++ b/variables.c
@@ -1578,6 +1578,28 @@ assign_hashcmd (self, value, ind, key)
      arrayind_t ind;
      char *key;
 {
+#if defined (RESTRICTED_SHELL)
+  char *full_path;
+
+  if (restricted)
+    {
+      if (strchr (value, '/'))
+	{
+	  sh_restricted (value);
+	  return (SHELL_VAR *)NULL;
+	}
+      /* If we are changing the hash table in a restricted shell, make sure the
+	 target pathname can be found using a $PATH search. */
+      full_path = find_user_command (value);
+      if (full_path == 0 || *full_path == 0 || executable_file (full_path) == 0)
+	{
+	  sh_notfound (value);
+	  free (full_path);
+	  return ((SHELL_VAR *)NULL);
+	}
+      free (full_path);
+    }
+#endif
   phash_insert (key, value, 0, 0);
   return (build_hashcmd (self));
 }