Hi all!
I patched 4 servers some weeks ago ( bash version: 4.3.27(1) ) following the https://shellshocker.net/ guide (which it's a simple easy way for downloading https://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz plus patches and compile it) Today I realized some processes were not working as expected. After some investigation I've realized that when executing commands as: su - [user] -c [command] neither .bashrc o .bash_profile on user home directory are executed. If I just execute su - [user] everything it's fine. I've changed the user shell on /etc/passwd to the previous ( original vulnerable) bash and my scripts are back to work. Servers are Fedora 6 (I know, a bit old... bus stable :-), CentOS and Oracle Linux. All of them RedHat based, just in case it matters. Should I take this as bug?. Or it's a side effect?. A fault in my side for some compilation option? Thank you in advanced,
