shellshock-bash-bug

Regression: Exported Bash function lost after going through another process

女生的网名这么多〃 Submitted on 2019-12-01 04:21:31
Question: When moving from Ubuntu 14.04 to 16.04, I've noticed several of my Bash scripts failing due to missing exported functions. I wonder whether this is related to the fixes for the Shellshock bug, even though I simply export -f the functions, and am not relying on the Bash-internal function representation. The failure does not occur in a direct Bash subshell, only if there's another process in between. For example, Bash invoking awk / Perl / Vim invoking another Bash. Here's an example with Perl:

Is the behavior behind the Shellshock vulnerability in Bash documented or at all intentional?

对着背影说爱祢 Submitted on 2019-11-27 03:47:26
A recent vulnerability, CVE-2014-6271, in how Bash interprets environment variables was disclosed. The exploit relies on Bash parsing some environment variable declarations as function definitions, but then continuing to execute code following the definition:

    $ x='() { echo i do nothing; }; echo vulnerable' bash -c ':'
    vulnerable

But I don't get it. There's nothing I've been able to find in the Bash manual about interpreting environment variables as functions at all (except for inheriting functions, which is different). Indeed, a proper named function definition is just treated as a value:

Is the behavior behind the Shellshock vulnerability in Bash documented or at all intentional?

若如初见. Submitted on 2019-11-26 12:41:07
Question: A recent vulnerability, CVE-2014-6271, in how Bash interprets environment variables was disclosed. The exploit relies on Bash parsing some environment variable declarations as function definitions, but then continuing to execute code following the definition:

    $ x='() { echo i do nothing; }; echo vulnerable' bash -c ':'
    vulnerable

But I don't get it. There's nothing I've been able to find in the Bash manual about interpreting environment variables as functions at all (except for