[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issues with exported functions

From: Dan Douglas
Subject: Re: Issues with exported functions
Date: Thu, 25 Sep 2014 09:25:58 -0500
User-agent: KMail/4.14 (Linux/3.16.2; KDE/4.14.0; x86_64; ; )

On Thursday, September 25, 2014 09:03:03 AM Chet Ramey wrote:
> On 9/25/14, 4:52 AM, Gabriel Corona wrote:
> > Hello,
> > 
> > As the interface is not specified, would it make sense to:
> > 
> >  * add a prefix (use BASH_FUNCTION_foo instead of foo for exported
> >    function foo);
> > 
> >  * still expand the variable if it matches the 'exported function'
> >    pattern.
> Yes, that's one of the approaches under consideration.  It raises the
> bar for abuse by requiring that an attacker be able to create environment
> variables with arbitrary names as well as values.  It is not,
> unfortunately, backwards compatible.

Have you considered the FPATH mechanism? Exploiting it requires being able to 
create files and set FPATH accordingly. I've had some success with the 
function loader code in examples/functions/autoload.*. I believe it serves 
mostly the same purpose as exported functions.

Dan Douglas

reply via email to

[Prev in Thread] Current Thread [Next in Thread]