bug-bash

Re: Issues with exported functions


From: Dan Douglas
Subject: Re: Issues with exported functions
Date: Thu, 25 Sep 2014 09:25:58 -0500
User-agent: KMail/4.14 (Linux/3.16.2; KDE/4.14.0; x86_64; ; )

On Thursday, September 25, 2014 09:03:03 AM Chet Ramey wrote:
> On 9/25/14, 4:52 AM, Gabriel Corona wrote:
> > Hello,
> > 
> > As the interface is not specified, would it make sense to:
> > 
> >  * add a prefix (use BASH_FUNCTION_foo instead of foo for exported
> >    function foo);
> > 
> >  * still expand the variable if it matches the 'exported function'
> >    pattern.
> 
> Yes, that's one of the approaches under consideration.  It raises the
> bar for abuse by requiring that an attacker be able to create environment
> variables with arbitrary names as well as values.  It is not,
> unfortunately, backwards compatible.
> 

Have you considered the FPATH mechanism? Exploiting it requires being able to 
create files and set FPATH accordingly. I've had some success with the 
function loader code in examples/functions/autoload.*. I believe it serves 
mostly the same purpose as exported functions.

-- 
Dan Douglas
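
The following is an added illustration, not part of the original message and not bash's own code. It shows why the `BASH_FUNCTION_` prefix proposal quoted above raises the bar, by comparing which environment entries each import rule would accept. It assumes the legacy "exported function" pattern is a value beginning with `() {` and that values are single-line; the helper names and the sample environment are constructed for the example.

```shell
#!/bin/sh
# Added illustration; not bash source code.
# Assumption: a value counts as an "exported function" when it starts
# with "() {". Values are assumed to be single-line for this audit.
FUNC_PREFIX="BASH_FUNCTION_"   # prefix proposed in the thread

looks_like_function() {        # $1 = value
    case $1 in
        "() {"*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Legacy rule: any variable whose value matches is imported as a function,
# so controlling a value alone is enough.
legacy_imports() {             # $1 = name, $2 = value
    looks_like_function "$2"
}

# Proposed rule: the name must carry the prefix AND the value must match,
# so the name has to be controlled as well as the value.
prefixed_imports() {           # $1 = name, $2 = value
    case $1 in
        "$FUNC_PREFIX"?*) looks_like_function "$2" ;;
        *)                return 1 ;;
    esac
}

# Read NAME=VALUE lines on stdin and report what each rule would do.
audit_env() {
    while IFS= read -r line; do
        name=${line%%=*}; value=${line#*=}
        legacy=no; prefixed=no
        legacy_imports "$name" "$value" && legacy=yes
        prefixed_imports "$name" "$value" && prefixed=yes
        printf '%s legacy=%s prefixed=%s\n' "$name" "$legacy" "$prefixed"
    done
}

# Constructed sample environment (HTTP_USER_AGENT stands for a variable
# whose name is fixed by a server but whose value comes from a client).
sample_env() {
cat <<'EOF'
HOME=/home/user
HTTP_USER_AGENT=() { echo hi; }
BASH_FUNCTION_greet=() { echo hi; }
BASH_FUNCTION_note=plain text
EOF
}

sample_env | audit_env
```

Only the entry whose name carries the prefix and whose value matches the pattern is accepted under the proposed rule; the value-only match is accepted by the legacy rule alone.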


