My question "but what if a real value is ever sent that looks like one of these magic values?" is usually countered with "but who's ever going to send this value?"
Have experienced the same situation so many times with CSV... "Who's ever going to have a doublequote in their name?" At least there is an escaping facility in most formats.
I haven't seen any "how this was discovered" for the bash bug, but my bet is that someone needed to store "() {" in an environment variable in a shell script. It's not inconceivable - the first thing that comes to mind is a shell script that generates shell script functions.
There are so many ways of transferring functions to subshells that don't involve magic values in a free-form key/value store, but all of them would have been more complicated, so people chose the quick hack.
I'd say the problem is more that they chose to use the name of the function as the name of the environment variable; this would not have been an issue if it stuffed all the function definitions together in an environment variable with a special name, like BASH_FUNCS. Shells already interpret environment variables with special names in certain ways (e.g. PS1, PROMPT_COMMAND), up to and including command execution, so this way would fit with that model far better.
Have experienced the same situation so many times with CSV... "Who's ever going to have a doublequote in their name?" At least there is an escaping facility in most formats.
I haven't seen any "how this was discovered" for the bash bug, but my bet is that someone needed to store "() {" in an environment variable in a shell script. It's not inconceivable - the first thing that comes to mind is a shell script that generates shell script functions.
There are so many ways of transferring functions to subshells that don't involve magic values in a free-form key/value store, but all of them would have been more complicated, so people chose the quick hack.
I'd say the problem is more that they chose to use the name of the function as the name of the environment variable; this would not have been an issue if it stuffed all the function definitions together in an environment variable with a special name, like BASH_FUNCS. Shells already interpret environment variables with special names in certain ways (e.g. PS1, PROMPT_COMMAND), up to and including command execution, so this way would fit with that model far better.