12 Jan
2010
12 Jan
'10
9:20 p.m.
I was brainstorming to think of possible exploits. It looks like this is valid syntax:
echo normal stuff exit 0 any funky stuff I want pkgver=#$#%$%%^&^$@#$$@^ } more funky stuff {
Running bash -n on that gives 0. Now there's not necessarily anything wrong here---unless your parser doesn't stop parsing at the exit command. If it goes past that, then maybe exploits could be introduced, because we wouldn't be entitled to the assumption that the rest of the code is valid syntax.
-- Jim Pryor
I haven't tested that but I don't think it would be an issue. As long as it doesn't break out of the function declaration, it shoulld work and afaik, you can include "exit" inside a function. I'm not a Bash expert though, so correct me if I'm wrong.