[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bash security issue
From: |
Eric Blake |
Subject: |
Re: Bash security issue |
Date: |
Fri, 26 Sep 2014 08:51:02 -0600 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.0 |
On 09/26/2014 08:45 AM, Nick Bowler wrote:
> On 2014-09-25 15:08 -0700, Linda Walsh wrote:
>> Eric Blake wrote:
>>> Where I'm coming from is that in portable shell programming, you _can't_
>>> assign a value to f()=... The fact that portable programs are now
>>> slammed with the notion that some values cannot be portably assigned
>>> to a variable...
>> ---
>> slammed? It's not like this is new...
> [...]
>> As other have said:
>>
>> «Geir Hauge wrote: Bash has had this feature since "forever"»
>>
>> «Pierre Gaston wrote: How many instance have you found since the
>> introduction of this feature more than 20 years ago?»
>
> Since I don't use bash it's not surprising that I've never noticed any
> problem.
>
> But I try to write scripts that are portable to bash, because I know
> that many people do use it. What I learned from this is that bog-
> standard assignments like this:
>
> foo=$1; export foo
>
> are not portable to bash, and may fail to work correctly depending on
> the user's input.
They are not portable to broken bash. But the argument in these threads
is that bash's implementation of function exports should be changed so
that _fixed_ bash will once again be POSIX compliant and let this
bog-standard assignment work regardless of contents. If Chet accepts
Florian's patch [1] to change function exports to use BASH_FUNC_foo()=
instead of foo= (which is what Red Hat is already using in their fixes
pushed today), then this POSIX compliance bug in broken bash will be
avoided.
[1] http://www.openwall.com/lists/oss-security/2014/09/25/13
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
- Re: Bash security issue, (continued)
- Re: Bash security issue, lolilolicon, 2014/09/26
- Re: Bash security issue, Zack Weinberg, 2014/09/26
- Re: Bash security issue, Eric Blake, 2014/09/26
- Re: Bash security issue, Steve Simmons, 2014/09/26
- Re: Bash security issue, Paul Smith, 2014/09/26
- Re: Bash security issue, Chet Ramey, 2014/09/27
- Re: Bash security issue, Eric Blake, 2014/09/27
- Re: Bash security issue, Steve Simmons, 2014/09/27
- Re: Bash security issue, Zack Weinberg, 2014/09/26
- Re: Bash security issue, Nick Bowler, 2014/09/26
- Re: Bash security issue,
Eric Blake <=
- Re: Bash security issue, Nick Bowler, 2014/09/26
- Re: Bash security issue, Linda Walsh, 2014/09/26
- Re: Bash security issue, Eric Blake, 2014/09/26
- Re: Bash security issue, Linda Walsh, 2014/09/27
- Re: Bash security issue, Andreas Schwab, 2014/09/26
[PATCH] docs: mention that not all values can be exported, Eric Blake, 2014/09/27