On Thu, Oct 02, 2014 at 11:22:18AM -0500, Bruno Wolff III wrote:
> I think the disconnect there was that people assumed that as long as
> you controlled which environment variables (by name) were passed you
> were OK. It was assumed that the values weren't processed outside of
> what you explicitly did.

Agreed.

> Unless the defining functions in environment values feature is
> disabled, this expectation is still broken, regardless of the parser
> fix. And I wouldn't be surprised if more issues come up in the
> future because of it.

For the case of arbitrary variables (like USER_AGENT), the problem is
closed, because now only variables prefixed BASH_FUNC_ and with a suffix of
() in our current patch or %% upstream are scanned for function definitions.

-- 
Matthew Miller
<mattdm@xxxxxxxxxxxxxxxxx>
Fedora Project Leader
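
The name-based filter described in the message above, as an added example (not part of the original post and not bash's own code): it models which `NAME=VALUE` entries bash would scan for a function definition under each naming scheme. The `legacy` scheme and the `() {` value prefix are background on pre-fix bash rather than something stated in the message; the function names and the sample environment are constructed.

```shell
#!/bin/sh
# Model of which environment entries bash scans for function definitions.
#   legacy   - pre-fix bash: any variable name (assumption: background knowledge)
#   fedora   - BASH_FUNC_<name>()  (the "current patch" in the message)
#   upstream - BASH_FUNC_<name>%%  (the upstream form in the message)

# classify_env_entry SCHEME 'NAME=VALUE' -> prints "scanned" or "ignored"
classify_env_entry() (
    scheme=$1
    name=${2%%=*}     # text before the first '='
    value=${2#*=}     # text after the first '='
    # In every scheme only a value that starts with "() {" is a candidate.
    case $value in
        '() {'*) ;;
        *) echo ignored; exit 0 ;;
    esac
    case $scheme:$name in
        legacy:*)                echo scanned ;;
        fedora:BASH_FUNC_*'()')  echo scanned ;;
        upstream:BASH_FUNC_*%%)  echo scanned ;;
        *)                       echo ignored ;;
    esac
)

# scanned_names SCHEME < NAME=VALUE lines -> space-joined names bash would scan
scanned_names() {
    out=
    while IFS= read -r entry; do
        if [ "$(classify_env_entry "$1" "$entry")" = scanned ]; then
            out="$out${out:+ }${entry%%=*}"
        fi
    done
    echo "$out"
}

# Constructed sample environment, one NAME=VALUE per line.
SAMPLE='USER_AGENT=() { echo hi; }
BASH_FUNC_greet()=() { echo hi; }
BASH_FUNC_greet%%=() { echo hi; }
PATH=/usr/bin:/bin'

for s in legacy fedora upstream; do
    printf '%s: %s\n' "$s" "$(printf '%s\n' "$SAMPLE" | scanned_names "$s")"
done
```

A service that passes request data into the environment can use the same name patterns to confirm that no attacker-influenced variable name falls into the scanned set.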