[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issues with exported functions

From: Chet Ramey
Subject: Re: Issues with exported functions
Date: Thu, 25 Sep 2014 09:03:03 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

On 9/25/14, 4:52 AM, Gabriel Corona wrote:
> Hello,
> As the interface is not specified, would it make sense to:
>  * add a prefix (use BASH_FUNCTION_foo instead of foo for exported
>    function foo);
>  * still expand the variable if it matches the 'exported function'
>    pattern.

Yes, that's one of the approaches under consideration.  It raises the
bar for abuse by requiring that an attacker be able to create environment
variables with arbitrary names as well as values.  It is not,
unfortunately, backwards compatible.


``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]