diff --git a/lib/chibi/ast.scm b/lib/chibi/ast.scm
index 32a049ff..81c62bf9 100644
--- a/lib/chibi/ast.scm
+++ b/lib/chibi/ast.scm
@@ -356,6 +356,19 @@
 ;;> Returns the first string cursor of \var{pat} in \var{str},
 ;;> of \scheme{#f} if it's not found.
 
+;;> \procedure{(safe-setenv name value)}
+
+;;> Equivalent to \scheme{setenv} but does nothing and returns
+;;> \scheme{#f} if \var{value} is a function definition.  Used to
+;;> circumvent the vulnerability of the shellshock bug.
+
+(define (safe-setenv name value)
+  (define (function-def? str)
+    (and (> (string-size value) 5)
+         (equal? "() {" (substring value 0 4))))
+  (and (not (function-def? value))
+       (setenv name value)))
+
 ;;> \procedure{(atomically expr)}
 
 ;;> Run \var{expr} atomically, disabling yields.  Ideally should only be
diff --git a/lib/chibi/ast.sld b/lib/chibi/ast.sld
index c9356be1..2ce1a223 100644
--- a/lib/chibi/ast.sld
+++ b/lib/chibi/ast.sld
@@ -36,7 +36,7 @@
    type-name type-cpl type-parent type-slots type-num-slots type-printer
    object-size integer->immediate gc atomically thread-list
    string-contains errno integer->error-string
-   flatten-dot update-free-vars! setenv unsetenv)
+   flatten-dot update-free-vars! setenv unsetenv safe-setenv)
   (import (chibi))
   (include-shared "ast")
   (include "ast.scm"))