[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Issues with exported functions
|
From: |
lolilolicon |
|
Subject: |
Re: Issues with exported functions |
|
Date: |
Fri, 26 Sep 2014 16:12:01 +0800 |
On Fri, Sep 26, 2014 at 3:24 PM, Vincent Lefevre <vincent@vinc17.net> wrote:
> On 2014-09-25 03:54:19 +0800, lolilolicon wrote:
>> [...] that it's still possible to
>> mask commands in a bash script by changing it's environment.
>>
>> For example, true='() { false;}' or grep='() { /bin/id;}' ...
>
> Yes, and BTW, I don't think this is POSIX compliant:
[...]
> This means that some application like sudo that needs to clean up
> the environment could choose to keep these environment variables
> with lowercase letters, and this could have really bad effects if
> a bash script is executed.
Yes, my opinion is ENV is a bad channel for doing function export.
ENV is a shared space, isn't well-specified, relies entirely on policy
instead of any intrinsic mechanism... it's just fundamentally
unsuitable for too much special interpretation.
- Re: Issues with exported functions, (continued)
- Re: Issues with exported functions, Ángel González, 2014/09/25
- Re: Issues with exported functions, lolilolicon, 2014/09/25
- Re: Issues with exported functions, Steve Simmons, 2014/09/25
- Re: Issues with exported functions, Chet Ramey, 2014/09/25
- Re: Issues with exported functions, Eduardo A . Bustamante López, 2014/09/25
- Re: Issues with exported functions, Ángel González, 2014/09/25
Re: Issues with exported functions, lolilolicon, 2014/09/24
Re: Issues with exported functions, Chet Ramey, 2014/09/24
Re: Issues with exported functions, Linda Walsh, 2014/09/25
Re: Issues with exported functions, David A. Wheeler, 2014/09/27