There's a similar question that deals with the 'wrapping' scenario, where you want to replace for example cd with a command that calls the builtin cd.

However, in light of shellshock et al and knowing that bash imports functions from the environment, I've done a few tests and I can't find a way to safely call the builtin cd from my script.

Consider this

cd() { echo "muahaha"; }
export -f cd

Any scripts called in this environment using cd will break (consider the effects of something like cd dir && rm -rf .).

There are commands to check the type of a command (conveniently called type) and commands for executing the builtin version rather than a function (builtin and command). But, lo and behold, these can be overridden using functions as well

builtin() { "$@"; }
command() { "$@"; }
type() { echo "$1 is a shell builtin"; }

Will yield the following:

$ type cd
cd is a shell builtin
$ cd x
muahaha
$ builtin cd x
muahaha
$ command cd x
muahaha

Is there any way to safely force bash to use the builtin command, or at least detect that a command isn't a builtin, without clearing the entire environment?

I realize if someone controls your environment you're probably screwed anyway, but at least for aliases you've got the option to not call the alias by inserting a \ before it.

There's a similar question that deals with the 'wrapping' scenario, where you want to replace for example cd with a command that calls the builtin cd.

However, in light of shellshock et al and knowing that bash imports functions from the environment, I've done a few tests and I can't find a way to safely call the builtin cd from my script.

Consider this

cd() { echo "muahaha"; }
export -f cd

Any scripts called in this environment using cd will break (consider the effects of something like cd dir && rm -rf .).

There are commands to check the type of a command (conveniently called type) and commands for executing the builtin version rather than a function (builtin and command). But, lo and behold, these can be overridden using functions as well

builtin() { "$@"; }
command() { "$@"; }
type() { echo "$1 is a shell builtin"; }

Will yield the following:

$ type cd
cd is a shell builtin
$ cd x
muahaha
$ builtin cd x
muahaha
$ command cd x
muahaha

Is there any way to safely force bash to use the builtin command, or at least detect that a command isn't a builtin, without clearing the entire environment?

I realize if someone controls your environment you're probably screwed anyway, but at least for aliases you've got the option to not call the alias by inserting a \ before it.

There's a similar question that deals with the 'wrapping' scenario, where you want to replace for example cd with a command that calls the builtin cd.

However, in light of shellshock et al and knowing that bash imports functions from the environment, I've done a few tests and I can't find a way to safely call the builtin cd from my script.

Consider this

cd() { echo "muahaha"; }
export -f cd

Any scripts called in this environment using cd will break (consider the effects of something like cd dir && rm -rf .).

There are commands to check the type of a command (conveniently called type) and commands for executing the builtin version rather than a function (builtin and command). But, lo and behold, these can be overridden using functions as well

builtin() { "$@"; }
command() { "$@"; }
type() { echo "$1 is a shell builtin"; }

Will yield the following:

$ type cd
cd is a shell builtin
$ cd x
muahaha
$ builtin cd x
muahaha
$ command cd x
muahaha

Is there any way to safely force bash to use the builtin command, or at least detect that a command isn't a builtin, without clearing the entire environment?

There's a similar question that deals with the 'wrapping' scenario, where you want to replace for example cd with a command that calls the builtin cd.

However, in light of shellshock et al and knowing that bash imports functions from the environment, I've done a few tests and I can't find a way to safely call the builtin cd from my script.

Consider this

cd() { echo "muahaha"; }
export -f cd

Any scripts called in this environment using cd will break (consider the effects of something like cd dir && rm -rf .).

There are commands to check the type of a command (conveniently called type) and commands for executing the builtin version rather than a function (builtin and command). But, lo and behold, these can be overridden using functions as well

builtin() { "$@"; }
command() { "$@"; }
type() { echo "$1 is a shell builtin"; }

Will yield the following:

$ type cd
cd is a shell builtin
$ cd x
muahaha
$ builtin cd x
muahaha
$ command cd x
muahaha

Is there any way to safely force bash to use the builtin command, or at least detect that a command isn't a builtin, without clearing the entire environment?

I realize if someone controls your environment you're probably screwed anyway, but at least for aliases you've got the option to not call the alias by inserting a \ before it.