Re: Bug#762839: bash without importing shell functions from the environment

To: debian-devel@lists.debian.org, 762839@bugs.debian.org
Subject: Re: Bug#762839: bash without importing shell functions from the environment
From: Vincent Lefevre <vincent@vinc17.net>
Date: Fri, 26 Sep 2014 10:32:48 +0200
Message-id: <[🔎] 20140926083248.GA2719@xvii.vinc17.org>
Mail-followup-to: debian-devel@lists.debian.org, 762839@bugs.debian.org
In-reply-to: <[🔎] 20140926071917.GJ3550@type.youpi.perso.aquilenet.fr>
References: <[🔎] 21540.13505.438186.122045@chiark.greenend.org.uk> <[🔎] 20140925162026.GA11755@type.bordeaux.inria.fr> <[🔎] 20140925191758.GA6306@smurf.noris.de> <[🔎] 20140925203900.GT3550@type.youpi.perso.aquilenet.fr> <[🔎] 87oau3mdkv.fsf@vostro.rath.org> <[🔎] 20140926071917.GJ3550@type.youpi.perso.aquilenet.fr>

On 2014-09-26 09:19:17 +0200, Samuel Thibault wrote:
> Nikolaus Rath, le Thu 25 Sep 2014 17:26:40 -0700, a écrit :
> > Wasn't there some web server that used to put query script variables
> > into the environment of the CGI script?
> 
> Well, that ought to have been fixed a long time ago already,
> otherwise you could have injected all sorts of LD_*.

It depends on the environment variable names. Names with lowercase
characters, such as "exec", are safe, since for application usage
only[*]. Well... actually not with bash!

[*] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

References:
- bash without importing shell functions from the environment
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Bug#762839: bash without importing shell functions from the environment
  - From: Samuel Thibault <sthibault@debian.org>
- Re: Bug#762839: bash without importing shell functions from the environment
  - From: Matthias Urlichs <matthias@urlichs.de>
- Re: Bug#762839: bash without importing shell functions from the environment
  - From: Samuel Thibault <sthibault@debian.org>
- Re: Bug#762839: bash without importing shell functions from the environment
  - From: Nikolaus Rath <Nikolaus@rath.org>
- Re: Bug#762839: bash without importing shell functions from the environment
  - From: Samuel Thibault <sthibault@debian.org>

Prev by Date: Re: Bug#762839: bash without importing shell functions from the environment
Next by Date: Re: bash without importing shell functions from the environment
Previous by thread: Re: Bug#762839: bash without importing shell functions from the environment
Next by thread: Re: Bug#762839: bash without importing shell functions from the environment
Index(es):
- Date
- Thread