oss-sec mailing list archives
Re: Thoughts on Shellshock and beyond
From: John Haxby <john.haxby () oracle com>
Date: Thu, 09 Oct 2014 11:19:33 +0100
On 09/10/14 00:53, Tim wrote:
Well, I think we can all think of a few options, some more portable
than others. The current namespace change is one option, obviously,
but one might go a different route with more time to design it
initially. Other ideas:
1) A single dedicated environment variable for all function exports.
e.g.:
BASH_FUNCTIONS='f() { ... }
g() { ... }
...
'
You don't need export -f for that either and you don't need anything special in the child: just do «eval "$BASH_FUNCTIONS"» which also has the benefit of making it quite plain that you're living dangerously. jch
Current thread:
- Re: Thoughts on Shellshock and beyond, (continued)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
- Re: Thoughts on Shellshock and beyond Tim (Oct 08)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
- Re: Thoughts on Shellshock and beyond Tim (Oct 08)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
- Re: Thoughts on Shellshock and beyond ArkanoiD (Oct 08)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 08)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 09)
- Re: Thoughts on Shellshock and beyond Tim (Oct 08)
- Re: Thoughts on Shellshock and beyond John Haxby (Oct 09)
- Re: Thoughts on Shellshock and beyond Kobrin, Eric (Oct 09)
- Re: Thoughts on Shellshock and beyond Stephane Chazelas (Oct 08)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 08)
- Re: Thoughts on Shellshock and beyond Tim (Oct 08)
- Re: Thoughts on Shellshock and beyond Robert Watson (Oct 14)
- Re: Thoughts on Shellshock and beyond Florian Weimer (Oct 15)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 15)