In message <[email protected]>, Doug Barton writes: > On 10/14/14 6:41 AM, Paul Vixie wrote: > > apparently the apache team believed as i did that no shell would ever > > eval() its environment variables no matter with or without input > > checking. the bash team really violated the principle of least > > astonishment with function inheritance. > > Given the number of years that the feature was in place (aka, "forever") > I find it hard to argue that it was "astonishing."
Did /bin/sh in System 5 eval it's environment variables? No. Bash *added* the feature to the OS. I've been using UNIX systems since before bash even started development. At that stage environment variable were not all evaluted by the shell by default. If you wanted to evaluate a environment variable you ran: eval "$VARIABLE" > Rather, I find it quite astonishing that so many Linux distros did > precisely what it has always been recommended NOT to do, 'ln -s > /bin/bash /bin/sh'. I do not find the fact that they are now being > bitten in the ascii by this mistake at all astonishing. In fact I'm > rather enjoying it. :) It doesn't matter if they did that or not. The problem is that with bash "ALL YOUR VARIABLE BELONG TO US" not all the variable starting with BASH_ or BASH belong to us. We expect you to sanitize the envionment before invoking us of anything which could remotely cause a problem when executed. It is a obsure feature of bash that no sane developer would think a shell would be so stupid as to do. Have you inspected every command on a OS to ensure that it does something sane with all the enviroment variables? configure scripts claim "with_*". Different scripts use different ones. I actually have a couple of environment variable which make use of these to same me typing in --with-atf=/usr/local and --with-geoip=yes every time I run configure, which is usually a dozen plus times a day. I have to be careful when I rebuild ports as I need to ensure these are stripped from the environment first. with_atf=/opt/local with_geoip=yes > Doug > > _______________________________________________ > dns-operations mailing list > [email protected] > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > dns-jobs mailing list > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
