1. Home
2. Questions
3. Unanswered
4. AI Assist Labs
5. Tags
7. Chat
8. Users
10. Companies
Stack Internal

Stack Overflow for Teams is now called Stack Internal. Bring the best of human thought and AI automation together at your work.
Try for free Learn more
Stack Internal
Bring the best of human thought and AI automation together at your work. Learn more

Return to Answer

replaced http://unix.stackexchange.com/ with https://unix.stackexchange.com/

Source Link

edited Apr 13, 2017 at 12:36

Community Bot

1

I realize if someone controls your environment you're probably screwed anyway

Yes, that. If you run a script in an unknown environment, all manner of things can go wrong, starting with LD_PRELOAD causing the shell process to execute arbitrary code before it even reads your script. Attempting to protect against a hostile environment from inside the script is futile.

Sudo has been sanitizing the environment by removing anything that looks like a bash function definition for over a decade. Since Shellshock Shellshock, other environments that run shell script in a not-fully-trusted environment have followed suit.

You cannot safely run a script in an environment that has been set by an untrusted entity. So worrying about function definitions is not productive. Sanitize your environment, and in doing so variables that bash would interpret as function definitions.

I realize if someone controls your environment you're probably screwed anyway

Yes, that. If you run a script in an unknown environment, all manner of things can go wrong, starting with LD_PRELOAD causing the shell process to execute arbitrary code before it even reads your script. Attempting to protect against a hostile environment from inside the script is futile.

Sudo has been sanitizing the environment by removing anything that looks like a bash function definition for over a decade. Since Shellshock, other environments that run shell script in a not-fully-trusted environment have followed suit.

You cannot safely run a script in an environment that has been set by an untrusted entity. So worrying about function definitions is not productive. Sanitize your environment, and in doing so variables that bash would interpret as function definitions.

I realize if someone controls your environment you're probably screwed anyway

Yes, that. If you run a script in an unknown environment, all manner of things can go wrong, starting with LD_PRELOAD causing the shell process to execute arbitrary code before it even reads your script. Attempting to protect against a hostile environment from inside the script is futile.

Sudo has been sanitizing the environment by removing anything that looks like a bash function definition for over a decade. Since Shellshock, other environments that run shell script in a not-fully-trusted environment have followed suit.

You cannot safely run a script in an environment that has been set by an untrusted entity. So worrying about function definitions is not productive. Sanitize your environment, and in doing so variables that bash would interpret as function definitions.

Source Link

answered Mar 6, 2015 at 0:05

Gilles 'SO- stop being evil'

866.1k
205
1.8k
2.3k

I realize if someone controls your environment you're probably screwed anyway

Yes, that. If you run a script in an unknown environment, all manner of things can go wrong, starting with LD_PRELOAD causing the shell process to execute arbitrary code before it even reads your script. Attempting to protect against a hostile environment from inside the script is futile.

Sudo has been sanitizing the environment by removing anything that looks like a bash function definition for over a decade. Since Shellshock, other environments that run shell script in a not-fully-trusted environment have followed suit.

You cannot safely run a script in an environment that has been set by an untrusted entity. So worrying about function definitions is not productive. Sanitize your environment, and in doing so variables that bash would interpret as function definitions.