Hey,
Seems oddly appropriate to hear that RMS is coming and then find out about
issues with BASH.
One of my co-workers just shared this through the office and I thought
you guys might want to know about it.
Essentially BASH is executing commands that are put into an environtment
variable that holds a function.
https://marc.info/?l=oss-security&m=141157106132018&w=2
Described attack vectors include bash scripts called through CGI and
OpenSSH.
So have fun with that one.
- Mike