Re: CVE-2014-7169 vs CVE-2014-6271

2014-09-27 Thread Chet Ramey
On 9/26/14, 1:06 PM, Alan Wild wrote:
> Not that I get a "vote", but if I did... I'm completely supportive of
> dropping function "importing" support when bash is invoked as /bin/sh (or
> --posix). This is clearly bash-specific functionality that isn't needed
> for POSIX-compliance. Seems like a

Re: CVE-2014-7169 vs CVE-2014-6271

2014-09-27 Thread Chet Ramey
On 9/26/14, 12:58 PM, Alan Wild wrote:
> I've been searching for some clarification on these two "fixes" and I'm
> utterly confused. I've been led to believe RedHat's first patch (6271) is
> based on code from Chet that just causes bash to reject functions where
> code appears outside of the func

Re: CVE-2014-7169 vs CVE-2014-6271

2014-09-26 Thread Alan Wild
Yes, again... I was specifically working only with Red Hat patches. I hadn't actually seen Chet's patches anywhere (thanks for the link). However, I was concerned that Red Hat was setting a major precedent and effectively forking bash (arguably that is the case, but in a much more minor way than I

Re: CVE-2014-7169 vs CVE-2014-6271

2014-09-26 Thread Eric Blake
On 09/26/2014 02:57 PM, Alan Wild wrote:
> I want to apologize for adding more confusion to this issue. My statements
> about CVE-2014-7169 were incorrect and misguided. This change does not
> remove function exporting but only changes how the function names are
> encoded as variable names. Act

Re: CVE-2014-7169 vs CVE-2014-6271

2014-09-26 Thread Alan Wild
I want to apologize for adding more confusion to this issue. My statements about CVE-2014-7169 were incorrect and misguided. This change does not remove function exporting but only changes how the function names are encoded as variable names. Because the published CVE-2014-6271 vulnerability tes

Re: CVE-2014-7169 vs CVE-2014-6271

2014-09-26 Thread Eric Blake
On 09/26/2014 10:58 AM, Alan Wild wrote:
> I've been searching for some clarification on these two "fixes" and I'm
> utterly confused. I've been led to believe RedHat's first patch (6271) is
[Red Hat is two words.]
> based on code from Chet that just causes bash to reject functions where
> code

Re: CVE-2014-7169 vs CVE-2014-6271

2014-09-26 Thread Alan Wild
Not that I get a "vote", but if I did... I'm completely supportive of dropping function "importing" support when bash is invoked as /bin/sh (or --posix). This is clearly bash-specific functionality that isn't needed for POSIX-compliance. Seems like a much more reasonable middle-ground than pullin