diff --git a/ssm b/ssm index dece4c0..2b6e455 100755 --- a/ssm +++ b/ssm @@ -7,6 +7,12 @@ is_function() [[ $(type -t $1 2>/dev/null) == 'function' ]] var() { declare varname=$1; shift + # This enforces bash's grammar against things like + # var 'cat /etc/shadow; foo' ... + [[ $varname =~ ^[a-zA-Z_][a-zA-Z0-9_]+?$ ]] || { + die 73 "On line $LINENO, in $FUNCNAME: Invalid identifier: '$varname'" + } + if ! is_function "$varname"; then eval " ${varname}() { @@ -27,7 +33,7 @@ var() { ('u') mode=includes;; - (*) die 71 \"Syntax error in \$FUNCNAME!\";; + (*) die 71 \"Syntax error in ${varname}!\";; esac shift else @@ -62,7 +68,7 @@ var() { (is_file) [[ -f \"\$_var\" ]];; (is_dir|is_directory) [[ -d \"\$_var\" ]];; - (*) die 71 \"Syntax error in \$FUNCNAME!\";; + (*) die 71 \"Syntax error in ${varname}!\";; esac }; readonly -f \"${varname}\"
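Review bot: The identifier check added at the top of `var()` relies on `+?`, a stacked repetition that POSIX ERE leaves undefined. glibc typically reads it as "zero or more", but another regex library may interpret it differently or reject the pattern, in which case `[[ =~ ]]` returns 2 and every `var` call dies. Stating the intent directly is portable and still admits one-character names: `[[ $varname =~ ^[a-zA-Z_][a-zA-Z0-9_]*$ ]] || {`. Separately, `$LINENO` in the message reports the line inside `var()`, not the caller's; `${BASH_LINENO[0]}` would point at the offending call. The body of `var()` continues outside the hunk.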
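Review bot: The two `die 71` messages (this hunk and the one at -62,7) now splice `${varname}` into the eval'd source when the function is defined, so their safety rests entirely on the identifier check at the top of `var()`. Nothing near the `eval` records that dependency. I would add a comment above it such as `# ${varname} is expanded into code here; it must already have passed the identifier check above`. The printed text appears unchanged, since `\$FUNCNAME` would have expanded to the same name when the generated function ran. The generated function's body starts and ends outside these hunks.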