Re: REGRESSION: shellshock patch rejects valid function names
From: Eric Blake
Subject: Re: REGRESSION: shellshock patch rejects valid function names
Date: Sat, 27 Sep 2014 20:03:12 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.0

On 09/27/2014 07:47 PM, Chet Ramey wrote:
> On 9/27/14, 8:49 PM, Eric Blake wrote:
>> On 09/27/2014 05:59 PM, Chet Ramey wrote:
>>> On 9/27/14, 4:29 PM, Eric Blake wrote:
>>>> On 09/27/2014 12:53 PM, Chet Ramey wrote:
>
>>> We have an opportunity to close up a potential problem here, at least
>>> with respect to function names containing `/'.
>>
>> As I said in a later mail, I'm now definitely leaning towards your
>> desire to exclude '/', and may I also add '=', as two characters that
>> will be blacklisted from valid function names both in the shell and
>> during import/export, because they are just too risky. I haven't yet
>> come up with any reason to blacklist any other non-metacharacter, and
>> you already reject any metacharacter that requires quoting.
>
> I'm just going to include slash for right now, since `=' doesn't cause
> any real problems, because you're effectively not able to export it with
> the current version.

Bash is not able to export it _as a function_, and likewise, cannot
import it as a function. But the problem is that bash DOES try to
export it, and results in instead POLLUTING the child's namespace.

Consider this behavior in bash 4.3.24:

$ bash -c 'function a=b(){ echo oops;};export -f a=b;export a=hi; bash -c "echo \$a"'
b=() { echo oops }

or in Fedora bash-4.2.48-2.fc20.x86_64:

$ bash -c 'function a=b(){ echo oops;};export -f a=b;export BASH_FUNC_a=hi; bash -c "echo \$BASH_FUNC_a"'
b()=() { echo oops }

In both cases, your attempt to export an invalid function name ended up
clobbering a regular variable.

Please reconsider, and prohibit the use of = in function names both for
the 'function' keyword and on imports from the environment.
>
>
>>> Yeah, but what I was talking about was allowing non-identifiers as valid
>>> function names.
>>
>> Where does POSIX forbid the use of a non-identifier as a valid function
>> name?
>
> Yes, it's an application requirement. Regardless, all the versions of bash
> we're talking about here reject non-identifiers.
I'm still trying to find that line in the actual POSIX spec.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
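
A model of the collision described in the message above, added here as an illustration (it is not code from the post or from bash itself). The two encodings are inferred from the outputs quoted in the message, and every function name below is hypothetical.

```shell
#!/bin/sh
# Added illustration: models how an exported function became an environment
# entry, and why '=' in the function name lands on an ordinary variable.

# Build the environment string for a function (encodings assumed from the
# outputs quoted in the message):
#   legacy   (bash 4.3.24):                NAME=() { body }
#   prefixed (Fedora bash-4.2.48-2.fc20):  BASH_FUNC_NAME()=() { body }
encode_function() {
    scheme=$1 fname=$2 body=$3
    case $scheme in
        legacy)   printf '%s=() { %s }' "$fname" "$body" ;;
        prefixed) printf 'BASH_FUNC_%s()=() { %s }' "$fname" "$body" ;;
        *) return 2 ;;
    esac
}

# A process reading its environment splits each entry at the FIRST '='.
env_name()  { printf '%s' "${1%%=*}"; }
env_value() { printf '%s' "${1#*=}"; }

# Variable name that an exported function of this name occupies in the child.
clobbered_variable() {
    env_name "$(encode_function "$1" "$2" 'echo oops')"
}

# The check argued for in the thread: refuse '/' and '=' in function names,
# both when defining and when importing from the environment.
is_exportable_funcname() {
    case $1 in
        ''|*/*|*=*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample names: one from the message, one ordinary identifier.
for name in 'a=b' greet; do
    for scheme in legacy prefixed; do
        entry=$(encode_function "$scheme" "$name" 'echo oops')
        if is_exportable_funcname "$name"; then verdict=accept; else verdict=reject; fi
        printf '%-6s %-8s -> variable [%s] value [%s] (%s)\n' \
            "$name" "$scheme" "$(env_name "$entry")" "$(env_value "$entry")" "$verdict"
    done
done
```

For `a=b` the modelled child sees variables `a` and `BASH_FUNC_a`, the same names the two transcripts in the message show being overwritten.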