So, hum, bash…
So, I guess you heard about the latest bash hole.
What baffles me is that the following still is allowed:
env echo='() { xterm;}' bash -c "echo this is a test"
Interesting replacements for "echo", "xterm" and "echo this is a test" are left as an exercise to the reader.
Update: Another thing that bugs me: Why is this feature even enabled in posix mode? (the mode you get from bash --posix, or, more importantly, when running bash as sh) After all, export -f is a bashism.
2014-09-25 09:43:14+0900
