source: trunk/server/common/patches/bash-4.2-disable-function-imports.patch @ 2619

Last change on this file since 2619 was 2619, checked in by andersk, 8 years ago
bash: Disable function imports The upstream fix for CVE-2014-6271 isn’t good enough. Furthermore, even if they were completely fixed to operate as intended, they are still a bad idea to begin with. Disable this feature entirely.
File size: 497 bytes
  • variables.c

    diff --git a/variables.c b/variables.c
    index cdc54bc..74f3a8c 100644
    a b initialize_shell_variables (env, privmode) 
    349349
    350350      /* If exported function, define it now.  Don't import functions from
    351351         the environment in privileged mode. */
    352       if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4))
     352      if (0)
    353353        {
    354354          string_length = strlen (string);
    355355          temp_string = (char *)xmalloc (3 + string_length + char_index);
Note: See TracBrowser for help on using the repository browser.