On Tue, Nov 17, 2015 at 05:56:28PM -0800, Erik E. Fair wrote:
> The cause was idiot programmers who wrote CGI scripts for bash
> without proper data sanitization.
No, the cause was "idiot programmers" who did not stop processing the
function definition when the function ended. Bash was not conformant
to its own syntax specification. Then they had to fix the same bug for
here documents. While fixing that, someone discovered stack smash among
other bugs in the parser.
Data sanitization is important, but that doesn't mean bash doesn't
suck. The fix wasn't "stop exporting functions into the environment,"
the fix was to patch bash. Several times.
khm
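
Added example, not part of the original message: a defender-side check that flags CGI environment values which begin with the exported-function prefix `() {` and reports any text left over after the function body closes, which is the part the parser bug described above kept processing. The brace matcher is a simplified heuristic rather than bash's grammar, and the variable names and sample values are constructed for illustration.

```python
FUNC_PREFIX = "() {"  # prefix pre-patch bash treated as an exported function


def trailing_after_function(value):
    """Return the text after the function body's closing brace, or None
    when the value does not start with the function-definition prefix.
    Heuristic brace matching only; this is not bash's real parser."""
    if not value.startswith(FUNC_PREFIX):
        return None
    depth, quote, i = 0, None, value.index("{")
    while i < len(value):
        ch = value[i]
        if quote:
            if ch == "\\" and quote == '"':
                i += 1              # skip escaped char inside double quotes
            elif ch == quote:
                quote = None        # closing quote
        elif ch == "\\":
            i += 1                  # skip escaped char outside quotes
        elif ch in "'\"":
            quote = ch
        elif ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:          # the function definition ends here
                return value[i + 1:].strip()
        i += 1
    return value                    # unbalanced body: report the whole value


def flag_cgi_environment(env):
    """Return (variable, trailing_text) for every value carrying the prefix.
    A non-empty trailing_text means content follows the function body."""
    findings = []
    for name, value in sorted(env.items()):
        tail = trailing_after_function(value)
        if tail is not None:
            findings.append((name, tail))
    return findings


# Constructed sample of request-derived CGI variables (not real traffic).
SAMPLE_ENV = {
    "HTTP_ACCEPT": "text/html",
    "HTTP_COOKIE": "id=() { not at the start",
    "HTTP_REFERER": "() { echo '}'; }",
    "HTTP_USER_AGENT": "() { :; }; echo constructed-marker",
}

if __name__ == "__main__":
    for name, tail in flag_cgi_environment(SAMPLE_ENV):
        print(f"{name}: prefix present, trailing text = {tail!r}")
```

No legitimate HTTP header value starts with `() {`, so the prefix alone is worth logging; a non-empty trailing text is the stronger signal.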