On 9/25/14, 4:52 AM, Gabriel Corona wrote:
> Hello,
>
> As the interface is not specified, would it make sense to:
>
> * add a prefix (use BASH_FUNCTION_foo instead of foo for exported
> function foo);
>
> * still expand the variable if it matches the 'exported function'
> pattern.

Yes, that's one of the approaches under consideration. It raises the bar for abuse by requiring that an attacker be able to create environment variables with arbitrary names as well as values. It is not, unfortunately, backwards compatible.

Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU c...@case.edu http://cnswww.cns.cwru.edu/~chet/
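
The trade-off discussed in this message, as an added sketch that is not part of the original mail and is not bash's import code: it compares a value-only import rule with the proposed `BASH_FUNCTION_` name prefix over a small environment. The `() {` test is an assumed approximation of the 'exported function' pattern, the helper names are hypothetical, and the sample environment is constructed.

```sh
#!/bin/sh
# Assumed approximation of the 'exported function' pattern: value starts with "() {".
looks_like_function() {            # $1 = value
    case "$1" in
        '() {'*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Value-only rule: the variable's name plays no part in the decision.
legacy_imports() {                 # $1 = name, $2 = value
    looks_like_function "$2"
}

# Proposal from the thread: the name must carry the BASH_FUNCTION_ prefix
# AND the value must still match the pattern.
prefixed_imports() {               # $1 = name, $2 = value
    case "$1" in
        BASH_FUNCTION_?*) looks_like_function "$2" ;;
        *)                return 1 ;;
    esac
}

# Read NAME=VALUE lines on stdin and print the names that the value-only
# rule treats as functions but the prefixed rule leaves as plain data.
no_longer_imported() {
    while IFS= read -r line; do
        name=${line%%=*}           # text before the first '='
        value=${line#*=}           # text after the first '='
        if legacy_imports "$name" "$value" && ! prefixed_imports "$name" "$value"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample environment (not captured from any real system).
sample_env() {
    cat <<'EOF'
HOME=/home/alice
HTTP_USER_AGENT=() { echo ua; }
foo=() { echo legacy-export; }
BASH_FUNCTION_foo=() { echo prefixed-export; }
BASH_FUNCTION_note=plain text
EOF
}

sample_env | no_longer_imported
```

The output lists `HTTP_USER_AGENT`, whose name is fixed by the program that sets it, and also `foo`: a function exported under its bare name is no longer imported either, which is the backwards-compatibility cost the reply mentions.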