I think almost as severe as CVE-2014-6271 is that it's still possible to mask commands in a bash script by changing it's environment.
For example, true='() { false;}' or grep='() { /bin/id;}' ...
I think almost as severe as CVE-2014-6271 is that it's still possible to mask commands in a bash script by changing it's environment.
For example, true='() { false;}' or grep='() { /bin/id;}' ...