Eric Blake wrote:
> This is a known issue, but NOT necessarily a security bug. In other
> words, it's no worse than running:
>
> env LD_PRELOAD=... ./test.sh
>
> with a malicious preload library. Remember, the security aspect of
> CVE-2014-6271 is that bash does unwanted parsing of the _content
I tried 4.3.25 in order to check the details of CVE-2014-6271, and
confirmed that the bug is fixed with a test case.
Next, I tried following case, and receive an output `rm -rf /'. I seem
that is designed, but it's also vulnerable.
$ cat
