Re: REGRESSION: shellshock patch rejects valid function names

[Dan Douglas]

Just a few points to add.

On Monday, September 29, 2014 04:29:52 PM Stephane Chazelas wrote:
> 2014-09-29 09:04:00 -0600, Eric Blake:
> [...]
> > > "The function is named fname; the application shall ensure that it is a
> > > name (see XBD Name) and that it is not the name of a special built-in 
utility."
> > > 
> > > 
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_09_05

This doesn't normally matter because POSIX requires special builtins to take 
precedence over functions during command search, so even if you have such a 
function defined it is impossible to call. Bash doesn't use the correct search 
order however.

Mksh has the reverse bug. It allows defining the function (wrongly) but then 
calls the special builtin anyway (correctly).

Another bug is in ksh93 whose `builtin` allows disabling special builtins 
(which according to the manual, shouldn't work).

$ ksh -c 'builtin -d set; function set { echo test; }; set'
test

Bash's "enable" correctly disallows that.

> I agree the requirement is on the application, and I can't see
> why POSIX should force a shell to reject a function whose name
> doesn't contain a valid identifier.
> ...

Another thing you can do in bash is bypass its command name check by using a 
null zeroth word.

$ { function } { echo test; }; <() }; }
test

Ordinarily } would be uncallable, but apparently since bash only checks the 
command name of the first word, calling with e.g. `<() }` or `$() }` works.

-- 
Dan Douglas

signature.asc
Description: This is a digitally signed message part.