[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issues with exported functions

From: lolilolicon
Subject: Re: Issues with exported functions
Date: Fri, 26 Sep 2014 16:12:01 +0800

On Fri, Sep 26, 2014 at 3:24 PM, Vincent Lefevre <address@hidden> wrote:
> On 2014-09-25 03:54:19 +0800, lolilolicon wrote:
>> [...] that it's still possible to
>> mask commands in a bash script by changing it's environment.
>> For example, true='() { false;}' or grep='() { /bin/id;}' ...
> Yes, and BTW, I don't think this is POSIX compliant:
> This means that some application like sudo that needs to clean up
> the environment could choose to keep these environment variables
> with lowercase letters, and this could have really bad effects if
> a bash script is executed.

Yes, my opinion is ENV is a bad channel for doing function export.
ENV is a shared space, isn't well-specified, relies entirely on policy
instead of any intrinsic mechanism... it's just fundamentally
unsuitable for too much special interpretation.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]