[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: REGRESSION: shellshock patch rejects valid function names

From: Dan Douglas
Subject: Re: REGRESSION: shellshock patch rejects valid function names
Date: Mon, 29 Sep 2014 16:25:26 -0500
User-agent: KMail/4.14 (Linux/3.16.2; KDE/4.14.0; x86_64; ; )

Just a few points to add.

On Monday, September 29, 2014 04:29:52 PM Stephane Chazelas wrote:
> 2014-09-29 09:04:00 -0600, Eric Blake:
> [...]
> > > "The function is named fname; the application shall ensure that it is a
> > > name (see XBD Name) and that it is not the name of a special built-in 
> > > 
> > > 

This doesn't normally matter because POSIX requires special builtins to take 
precedence over functions during command search, so even if you have such a 
function defined it is impossible to call. Bash doesn't use the correct search 
order however.

Mksh has the reverse bug. It allows defining the function (wrongly) but then 
calls the special builtin anyway (correctly).

Another bug is in ksh93 whose `builtin` allows disabling special builtins 
(which according to the manual, shouldn't work).

$ ksh -c 'builtin -d set; function set { echo test; }; set'

Bash's "enable" correctly disallows that.

> I agree the requirement is on the application, and I can't see
> why POSIX should force a shell to reject a function whose name
> doesn't contain a valid identifier.
> ...

Another thing you can do in bash is bypass its command name check by using a 
null zeroth word.

$ { function } { echo test; }; <() }; }

Ordinarily } would be uncallable, but apparently since bash only checks the 
command name of the first word, calling with e.g. `<() }` or `$() }` works.

Dan Douglas

Attachment: signature.asc
Description: This is a digitally signed message part.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]