bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: REGRESSION: shellshock patch rejects valid function names


From: Chet Ramey
Subject: Re: REGRESSION: shellshock patch rejects valid function names
Date: Sat, 27 Sep 2014 14:48:38 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

On 9/26/14, 4:43 PM, Brian J. Fox wrote:
> 
> Hey Eduardo -
> 
> Jay is one of many - the fix for the parser exploit is using the wrong code 
> to decide if the identifier is valid for a function.  And it doesn't have to.
> 
> Jay should certainly not "fix" his working scripts - which, btw, could have 
> been working for the last 20 years.
> 
> i guess i'll submit a working patch if necessary.  Chet, is that necessary?

No, it's not necessary.  I have a longer explanation which I'll post in a
separate reply detailing why I did what I did and the path forward.

(A preview: think of what could happen if someone figured out how to
remotely specify function names instead of values.  Bash allows, and has
always allowed, shell function names containing slashes.)

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/



reply via email to

[Prev in Thread] Current Thread [Next in Thread]