Skip to main content
Unix & Linux

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

Required fields*

7
  • 2
    One of these days, I'll be in the psychiatric ward somewhere after trying to wrap my head around one of your answers. :D How does the other answer suffer from arbitrary code execution? Can you provide an example? Commented Jan 2, 2016 at 4:11
  • 3
    @muru - not unless an argument is an invalid name. but that's not the problem - the problem is that input is not validated. yes, it is required that you pass it an argument with a weird name to make it execute arbitrary code - but that's pretty much the basis for every CVE in history. if you try to export a weird name, it won't kill your computer. Commented Jan 2, 2016 at 4:31
  • 1
    @muru - oh, and the arguments can be arbitrary: var=something; varname=var; export "$varname" is perfectly valid. the same goes for unset, and with this and with the other, but the minute the contents of that "$varname" variable get crazy, it could be regrettable. and that's pretty how that whole bash function export debacle happened anyway. Commented Jan 2, 2016 at 4:38
  • 1
    @mikeserv i think you'd get a lot more upvotes (at least from me) if you replaced that obfuscated code with code that explains itself (or commented the lines, at least) Commented Jan 2, 2016 at 15:03
  • 1
    @PSkocik - done. Commented Jan 2, 2016 at 19:49