I tried 4.3.25 in order to check the details of CVE-2014-6271, and confirmed that the bug is fixed with a test case.
Next, I tried the following case, and received the output `rm -rf /'. It seems that this is by design, but it's also vulnerable.

    $ cat <<EOF >test.sh
    #!/bin/bash
    cat /dev/null
    EOF
    $ chmod a+x test.sh
    $ env cat='() { echo rm -rf /; }' ./test.sh

The `cat' command is often used. If we write malicious code to an environment variable named `cat', I see that it's often run, even if not expected.

Thanks,
Norihiro
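The mail above shows the designed behaviour that makes the shadowing possible: bash 4.3 imports any environment variable whose value begins with `() {` as a function named after the variable, so a script that calls `cat` runs the injected body instead of /bin/cat. Current bash releases instead carry exported functions in variables named `BASH_FUNC_name%%`, which a plain `cat=...` assignment no longer triggers. The script below is an added example, not code from the mail or from the bash project: it scans the environment for values that look like function definitions (both the bare form from the mail and the `BASH_FUNC_name%%` form), reports the variable names, and runs a command with those variables removed. The function names `is_function_export`, `scan_env` and `clean_env_run` are made up for this example, and it assumes an `env` that supports `-u` (GNU, BSD and busybox do).

```shell
#!/bin/sh
# Added example (not part of the original mail): detect environment variables
# carrying a shell function definition, and run a command without them.
# Function names here are invented for this example.

# Return 0 if a value looks like an exported bash function body.
is_function_export() {
    case "$1" in
        '() {'*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print the names of exported variables whose value starts with "() {".
# The character class allows '%' so the BASH_FUNC_name%% form used by
# current bash releases is reported as well as the bare name=() { ... } form.
scan_env() {
    env | sed -n 's/^\([A-Za-z_][A-Za-z0-9_%]*\)=() {.*/\1/p'
}

# Run "$@" with every flagged variable unset, so a script that calls
# "cat" gets the real /bin/cat rather than a function imported from the
# environment. Relies on "env -u NAME" (GNU, BSD and busybox env).
clean_env_run() {
    args=""
    for name in $(scan_env); do
        args="$args -u $name"
    done
    # $args is intentionally unquoted: it holds a list of "-u NAME" pairs.
    env $args "$@"
}

# Constructed usage, mirroring the mail: with cat='() { echo rm -rf /; }'
# exported, "scan_env" prints "cat" and "clean_env_run ./test.sh" runs the
# script with that variable removed.
```

Reporting rather than silently stripping is the more useful default for a wrapper that launches other people's scripts: a `() {` value in a variable named after a common command is worth logging even when the target shell would not import it.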