On 9/26/14, 4:43 PM, Brian J. Fox wrote:
>
> Hey Eduardo -
>
> Jay is one of many - the fix for the parser exploit is using the wrong code
> to decide if the identifier is valid for a function. And it doesn't have to.
>
> Jay should certainly not "fix" his working scripts - which, btw, could have
> been working for the last 20 years.
>
> i guess i'll submit a working patch if necessary. Chet, is that necessary?
No, it's not necessary. I have a longer explanation which I'll post in a
separate reply detailing why I did what I did and the path forward.
(A preview: think of what could happen if someone figured out how to
remotely specify function names instead of values. Bash allows, and has
always allowed, shell function names containing slashes.)
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU [email protected] http://cnswww.cns.cwru.edu/~chet/
