The best way to use the shell is to use pipes to combine simple single-purpose programs (filters).
dash and ksh are safe, because they don't allow defining a function named unset, as you've discovered, and any alias form can be bypassed by invoking as \unset.bash, when in POSIX compatibility mode, allows you to define a function named unset, but ignores it when you invoke unset, and always executes the builtin, as you've later discovered.
with no control over the execution environment, you cannot write shell scripts that are fully immune to tampering, unless you know that your code will be executed by
dash, ksh, or bash (with the workaround in place).- If you're willing to assume that
unsethas not been tampered with, the most robust approach is to:- Use
\unset -fto ensure thatunaliasandcommandare unmodified (not shadowed by a shell function:\unset -f unalias command)- Functions, unlike aliases, must be undefined explicitly, by name, but not all shells provide a mechanism to enumerate all defined functions, unfortunately (
typeset -fworks inbash,ksh, andzsh, butdashappears to have no mechanism at all), so that undefining all functions is not always possible.
- Functions, unlike aliases, must be undefined explicitly, by name, but not all shells provide a mechanism to enumerate all defined functions, unfortunately (
- Use
\unalias -ato remove all aliases.
No comments:
Post a Comment