On Thu, May 19, 2016 at 11:05 AM, Chet Ramey <[email protected]> wrote:
> * The %s_PID variable is unbound unconditionally
> >
> > BTW, this is exploitable for unsetting read-only variables.
>
> Same change as for getopts.
>
This should probably instead be the same change as was previously done for
unsetting the FD array variable, i.e.:
diff --git a/execute_cmd.c b/execute_cmd.c
index 09f4772..e9a0b9d 100644--- a/execute_cmd.c+++ b/execute_cmd.c
@@ -2239,7 +2239,7 @@ coproc_unsetvars (cp)
namevar = xmalloc (l + 16);
sprintf (namevar, "%s_PID", cp->c_name);- unbind_variable_noref
(namevar);+ check_unbind_variable (namevar);
#if defined (ARRAY_VARS)
check_unbind_variable (cp->c_name);
Otherwise the wrong thing gets unset:
$ declare -n ref_PID=var; coproc ref { :; }; wait; declare -p ref_PID var
[1] 50943
[1]+ Done coproc ref { :; }
bash: declare: ref_PID: not founddeclare -- var="50943"
