Re: Environment variable of a name which is often used

2014-09-26 Thread Norihiro Tanaka
Eric Blake wrote:
> This is a known issue, but NOT necessarily a security bug. In other
> words, it's no worse than running:
>
> env LD_PRELOAD=... ./test.sh
>
> with a malicious preload library. Remember, the security aspect of
> CVE-2014-6271 is that bash does unwanted parsing of the _content

Re: Environment variable of a name which is often used

2014-09-26 Thread Eric Blake
On 09/26/2014 11:31 AM, Norihiro Tanaka wrote:
> I tried 4.3.25 in order to check the details of CVE-2014-6271, and
> confirmed that the bug is fixed with a test case.
>
> Next, I tried the following case, and received the output `rm -rf /'. It seems
> that is designed, but it's also vulnerable.
>
> $ c