Re: CVE-2014-7169 vs CVE-2014-6271

2014-09-27 Thread Chet Ramey
On 9/26/14, 1:06 PM, Alan Wild wrote: > Not that I get a "vote", but if I did... I'm completely supportive of > dropping function "importing" support when bash is invoked as /bin/sh (or > --posix). This is clearly bash-specific functionality that isn't needed > for POSIX-compliance. Seems like a

Re: CVE-2014-7169 vs CVE-2014-6271

2014-09-27 Thread Chet Ramey
On 9/26/14, 12:58 PM, Alan Wild wrote: > I've been searching for some clarification on these two "fixes" and I'm > utterly confused. I've been led to believe RedHat's first patch (6271) is > based on code from Chet that just causes bash to reject functions where > code appears outside of the func

Re: CVE-2014-7169 vs CVE-2014-6271

2014-09-26 Thread Alan Wild
Yes, again... I was specifically working only with Red Hat patches. I hadn't actually seen Chet's patches anywhere (thanks for the link). However, I was concerned that Red Hat was setting a major precedent and effectively forking bash (arguably that is the case, but in a much more minor way than I

Re: CVE-2014-7169 vs CVE-2014-6271

2014-09-26 Thread Eric Blake
On 09/26/2014 02:57 PM, Alan Wild wrote: > I want to apologize for adding more confusion to this issue. My statements > about CVE-2014-7169 were incorrect and misguided. This change does not > remove function exporting but only changes how the function names are > encoded as variable names. Act

Re: CVE-2014-7169 vs CVE-2014-6271

2014-09-26 Thread Alan Wild
I want to apologize for adding more confusion to this issue. My statements about CVE-2014-7169 were incorrect and misguided. This change does not remove function exporting but only changes how the function names are encoded as variable names. Because the published CVE-2014-6271 vulnerability tes
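The thread above turns on two distinct points: the CVE-2014-6271 fix (bash refuses to import a function definition that has trailing code after the function body) and the CVE-2014-7169 follow-up (exported functions are no longer stored under the bare function name but under a prefixed, encoded variable name, so arbitrary environment variables are not parsed as functions at all). The script below is an added example, not code from this thread or from the bash project; it runs the widely circulated public checks for both CVEs against whatever `bash` is on the PATH, then shows the encoding round trip: what name `export -f` actually writes into a child's environment, that a plain variable starting with `() {` is no longer imported, and that a variable carrying the encoded name still is. The function name `demo_fn` and the "vulnerable"/"not-vulnerable" and "imported"/"not-imported" strings are this example's own conventions. Depending on the bash build, the encoded name is `BASH_FUNC_demo_fn%%` (upstream) or `BASH_FUNC_demo_fn()` (the early Red Hat patch); the last check derives the name from the running bash rather than assuming either.

```shell
#!/bin/sh
# Added example: Shellshock checks and the post-7169 function-export encoding.
# Assumes a `bash` binary on PATH; all names below are this example's own.

shellshock_6271_check() {
    # Public CVE-2014-6271 test: an unpatched bash executes the trailing
    # "echo vulnerable" when it imports the function from the environment.
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo test' 2>/dev/null) || true
    case "$out" in
        *vulnerable*) echo vulnerable ;;
        *)            echo not-vulnerable ;;
    esac
}

shellshock_7169_check() {
    # Public CVE-2014-7169 test: on an unpatched parser the dangling '>\'
    # leaks into the next command, so `echo date` runs as `>echo date` and a
    # file named "echo" appears in the working directory. Run it in a scratch
    # directory so a vulnerable bash cannot clobber anything real.
    d=$(mktemp -d)
    ( cd "$d" && env X='() { (a)=>\' bash -c 'echo date' >/dev/null 2>&1 ) || true
    if [ -e "$d/echo" ]; then r=vulnerable; else r=not-vulnerable; fi
    rm -rf "$d"
    echo "$r"
}

exported_function_env_name() {
    # Export a function and read back the variable name bash used for it in
    # the child's environment (e.g. BASH_FUNC_demo_fn%% on current bash).
    bash -c 'demo_fn() { echo hi; }; export -f demo_fn; env' 2>/dev/null \
        | sed -n 's/^\(BASH_FUNC_demo_fn[^=]*\)=.*/\1/p' | head -n 1
}

plain_variable_imported() {
    # Pre-fix behaviour: any variable whose value began with "() {" became a
    # function. After the 7169 change the bare name is not consulted at all.
    out=$(env demo_fn='() { echo imported; }' bash -c 'demo_fn' 2>/dev/null) || true
    if [ "$out" = imported ]; then echo imported; else echo not-imported; fi
}

encoded_variable_imported() {
    # Function exporting still works: a variable carrying the encoded name
    # (as reported by exported_function_env_name) is imported as a function.
    name=$(exported_function_env_name)
    if [ -z "$name" ]; then echo unknown; return 0; fi
    out=$(env "$name=() { echo imported; }" bash -c 'demo_fn' 2>/dev/null) || true
    if [ "$out" = imported ]; then echo imported; else echo not-imported; fi
}

# Usage: print a small report for the bash on PATH.
echo "CVE-2014-6271:            $(shellshock_6271_check)"
echo "CVE-2014-7169:            $(shellshock_7169_check)"
echo "export -f env name:       $(exported_function_env_name)"
echo "plain 'demo_fn' imported: $(plain_variable_imported)"
echo "encoded name imported:    $(encoded_variable_imported)"
```

On a bash carrying both fixes the first two lines read not-vulnerable, the bare `demo_fn` variable is ignored, and only the `BASH_FUNC_`-prefixed name round-trips, which is exactly the distinction the apology above draws: 7169 changed the encoding, it did not remove function export.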

Re: CVE-2014-7169 vs CVE-2014-6271

2014-09-26 Thread Eric Blake
On 09/26/2014 10:58 AM, Alan Wild wrote: > I've been searching for some clarification on these two "fixes" and I'm > utterly confused. I've been led to believe RedHat's first patch (6271) is [Red Hat is two words.] > based on code from Chet that just causes bash to reject functions where > code

Re: CVE-2014-7169 vs CVE-2014-6271

2014-09-26 Thread Alan Wild
Not that I get a "vote", but if I did... I'm completely supportive of dropping function "importing" support when bash is invoked as /bin/sh (or --posix). This is clearly bash-specific functionality that isn't needed for POSIX-compliance. Seems like a much more reasonable middle-ground than pullin

CVE-2014-7169 vs CVE-2014-6271

2014-09-26 Thread Alan Wild
I've been searching for some clarification on these two "fixes" and I'm utterly confused. I've been led to believe RedHat's first patch (6271) is based on code from Chet that just causes bash to reject functions where code appears outside of the function body. However, this patch was labeled as