I should not have replied until I had more time to respond clearly, sorry.

The BASH_FUNC_foo()=() { ... is nice, it's how it should have been from the get go. Besides having a nice prefix that owns them all (what about arrays though)it makes it hard to set an exported function from the shell using = cause of the () suffix. That's clever, promotes the use of export -f basically from bash itself.

Unfortunately it breaks how to do it from everything other than bash cause it's not backwards compatible, and people like me had done that. Now I realize that I had done it for not great reasons with other better ways to do what I wanted. I think most everyone else that had exported functions would have felt the same. So very few people actually need exported functions, most can come-up with a work-around.

Taking that into account what is trying to be accomplished here with any patch? Really it's to prevent a future vulnerability, that should be the goal. Going back, the first vulnerability was that when the shell was initializing more got executed than intended. Then the next (which I can't figure-out how to exploit) was because of state from that initialization being kept around (in this case from an error bailing) and then messing-up later execution.

It's sort of a hackish way to do all this, right? It only took a day for someone to find another bug, I was able to get bash to seg fault left and right when I was looking into it myself before the patches. What is the chance that there is another bug in that parser say? Noby knows for sure.

The netbsd approach goes: Fix the current bugs, because there are so few reasons to export functions, so few people do so, most people can find another approach, and the way that they are implemented might be found vulnerable => do not ever export functions by default. As a courtesy to those that have and that still must, provide an option to allow them and do not break backwards compatibility so those with the most trouble need only add the option instead of changing other complicated squirrelly things.

The redhat approach goes: Fix the current bugs, because there are people that export functions, let us do it in a more sensible way. Now since we have a prefix and suffix, we protect against an attacker being able to create arbitrary function definitions. If an attacker could control BASH_FUNC_foo()=, then they would go after lower hanging fruit anyway. As a courtesy, if the people used export -f, it is compatible.

So it's a philosophical thing. The limitation of the redhat approach is there are people like me that feel there will be more bugs in bash. The parser is complicated, it is being called in this early place, state remains for later, I expect that it will not be too much to get bash to segfault again, and then it's careful analysis to see if payload can be crafted to get it to execute instead of simply seg fault. So I would like a way to have it just not do any of that by default. The redhat approach does not give me a way to do that. I value that more, plus being backward compatible. The redhat approach values having a safer way to pass functions, one that continues to allow that by default, but breaks compatibility and does not allow me to disable it at all.

Personally I like this approach from netbsd much better, it's not ripped-out, just disabled by default. Though it would be nice if there was a single char shopt so set, $-, and shebangs could all work with it, but then again it might be such a rare (and somewhat questionable) thing to export functions that it's a good idea just to leave it like this with only a longopt. Might force people to think about it some and use /usr/bin/env foo=bar ... - /bin/bash now, or just do the system(exec ... like I had above. But changing the shebang would be simplest, something like #!/bin/sh -g for the scripts that need it. And yes I had to deal with code like this doing exporting functions from perl and C in the past, it was for gross reasons to emulate older systems poorly.

http://seclists.org/oss-sec/2014/q3/755