Eric Blake wrote:
And _that's_ what I want changed, by proposing that bash use 'f()=...'
rather than 'f=() {...' as the magic it uses for exporting functions
from parent to child.
---
That could still be put in the environment (though not as easily w/o special code).

Not that it is any more secure but how about replacing '()' with 'ƒ(8-byte-hex-sig)' that is some crypto-sig of the function? If it matches the function's sig, then the function would be read in. Of course, like any crypto function, it's crackable, but to toss in enough bits to really forestall that would be prohibitive unless done on a whole 'block' of imported info, i.e.

For more security, one could use cryptographic signing of a sequence of BASH keys with the public key left in the environment and private key left in a trusted kernel TPM keyring... (god that sounds painful -- but would likely be the method to really tie this down if that was really needed). But script isn't supposed to be the last line of defense against launching the missiles.
_______________________________________________
Autoconf mailing list
Autoconf@xxxxxxx
https://lists.gnu.org/mailman/listinfo/autoconf
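
An added illustration of the tagging idea discussed in the message above (not code from the thread or from bash): it compares an unkeyed 8-byte digest in the variable name with a keyed tag checked on import. The variable layout, the function names, the demo key, and the use of HMAC as a stand-in for the public-key signing the message mentions are all assumptions.

```python
import hashlib
import hmac

MARK = "\u0192("  # hypothetical name prefix "ƒ(" taken from the proposal, not bash's format

def unkeyed_tag(body):
    """8-byte (16 hex chars) truncated SHA-256 of the function body."""
    return hashlib.sha256(body.encode()).hexdigest()[:16]

def keyed_tag(key, name, body):
    """HMAC-SHA256 over name and body; the key lives outside the environment."""
    return hmac.new(key, name.encode() + b"\0" + body.encode(),
                    hashlib.sha256).hexdigest()

def export_function(env, name, body, key=None):
    tag = keyed_tag(key, name, body) if key else unkeyed_tag(body)
    env[f"{MARK}{tag}){name}"] = body

def import_functions(env, key=None):
    """Return {name: body} for entries whose tag verifies; skip all others."""
    accepted = {}
    for var, body in env.items():
        if not var.startswith(MARK) or ")" not in var:
            continue  # ordinary variable, never treated as a function
        tag, name = var[len(MARK):].split(")", 1)
        expected = keyed_tag(key, name, body) if key else unkeyed_tag(body)
        if hmac.compare_digest(tag.encode(), expected.encode()):
            accepted[name] = body
    return accepted

def demo():
    key = b"constructed-demo-key"      # constructed sample key
    env = {"PATH": "/usr/bin"}         # constructed sample environment
    export_function(env, "greet", "{ echo hello; }", key)
    ok = import_functions(env, key)
    # Body changed after tagging: the keyed check no longer matches.
    var = next(v for v in env if v.startswith(MARK))
    env[var] = "{ echo changed; }"
    tampered = import_functions(env, key)
    # Entry tagged by a party that only knows the public digest scheme.
    env2 = {}
    export_function(env2, "greet", "{ echo changed; }")
    unkeyed_accepts = import_functions(env2)      # digest is recomputable
    keyed_rejects = import_functions(env2, key)   # no key, no valid tag
    return ok, tampered, unkeyed_accepts, keyed_rejects
```

The unkeyed digest only detects accidental corruption, since anyone able to write the variable can recompute it; the keyed check is what ties acceptance to a secret the environment does not carry.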