Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site psivax.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!genrad!decvax!ittatc!dcdwest!sdcsvax!sdcrdcf!psivax!friesen
From: friesen@psivax.UUCP (Stanley Friesen)
Newsgroups: net.unix
Subject: Re: Exporting shell functions into shell files
Message-ID: <878@psivax.UUCP>
Date: Tue, 26-Nov-85 13:23:28 EST
Article-I.D.: psivax.878
Posted: Tue Nov 26 13:23:28 1985
Date-Received: Thu, 28-Nov-85 23:56:56 EST
References: <4588@alice.UUCP> <595@ttrdc.UUCP>
Reply-To: friesen@psivax.UUCP (Stanley Friesen)
Organization: Pacesetter Systems Inc., Sylmar, CA
Lines: 34

>In article <4588@alice.UUCP>, rob@alice.UucP (Rob Pike) writes:
>>I will use two examples to explain why you want to export shell functions:
>
>>hide takes a list of names and makes empty functions from them: functions
>>that just echo that they were called, but that do nothing.  
>>  This is useful
>>for debugging shell scripts and makefiles:
>>	% hide rm
>>	% rm foo
>>	hidden rm foo
>>	%
>>rm didn't really run, but you can see it would have.  So if "futz" is a shell
>>program you're working on that (once working) removes things, you can
>>debug futz without fear of losing precious files.  It's more useful that
>>these be functions than files because there is nothing to clean up later:
>>the functions go away when the shell you're working in disappears - when you
>>log off or delete the window.

	The problem with this is that it creates a serious security
hole. A user may inadvertantly or maliciously redefine a command used
by a system shell script changing its behavior radically. A system
command that suddenly stops using due to some independent action or
which can be made to do whatever the user wants by tricking it into
executing the user's program is very dangerous.
	Thus this sort of facility *must* have an escape mechanism.
There shold be a simple, direct way of *deleting* *all* defined shell
functions in a secure shell script. You know something like 'undefine all'.
Without this the mechanism is too dangerous.
-- 

				Sarima (Stanley Friesen)

UUCP: {ttidca|ihnp4|sdcrdcf|quad1|nrcvax|bellcore|logico}!psivax!friesen
ARPA: ttidca!psivax!friesen@rand-unix.arpa