Recently we discovered a bug in bash. After some time after reporting
it to bash developers, it has not been fixed.
We think that this is a security issue because in some circumstances
the bash security feature could be bypassed allowing the bash to be a
valid target shell in an attack.
We strongly recommend to patch your bash code.
Why don't fix this bug by simple adding mandatory "if" clause ?
Any comments about this issue are welcomed.
Details at:
http://hmarco.org/bugs/bash_4.
Thanks you,
Hector Marco
http://hmarco.org