[Nix-dev] bash: error importing function definition for `BASH_FUNC_module()'

[Andreas Herrmann]

Dear Nixers,

for a few days now I'm having issues with a number of programs that are managed by nix. E.g. gcc 4.9, or nix-prefetch-git.

When I try to run these commands I get the following error message:

    $ nix-prefetch-git
    /nix/store/7k7wanhlkwzwaj55dirf9r0291z02hng-bash-4.2-p49/bin/bash: error importing function definition for `BASH_FUNC_module()'

I suspect that this is related to the recent bash vulnerability [1].
I am using nixpkgs on openSUSE 13.1. openSUSE has all recent updates installed. And nixpkgs is on the current checkout of master.
My system bash-version is `4.2.47(1)-release (x86_64-suse-linux-gnu)`. The nixpkgs bash-version is `4.2.48(1)-release (x86_64-unknown-linux-gnu)`.

The environment variable (bash function) `BASH_FUNC_module` is introduced by the `Modules` package [2] and reads:

    $ env
    # ...
    BASH_FUNC_module()=() {  eval `/usr/share/Modules/$MODULE_VERSION/bin/modulecmd bash $*`
    }
    # ...

This thing is deeply nested in the global system configuration. Hence, it is not sufficient to just wipe the corresponding environment variable, because the next instance of bash is just going to read it from the global configuration again.

I don't understand why this issue appears. I thought that both nixpkgs, and openSUSE had the same necessary security patches for bash. Why are the openSUSE and the nixpkgs bash versions in conflict?

Best,

Andreas

[1]: https://access.redhat.com/articles/1200223
[2]: http://modules.sourceforge.net/