The flaw is not patched correctly. Tavis Ormandy has shown it to be still exploitable.
On 26 September 2014 11:23:59 GMT-07:00, Guus Snijders email@example.com wrote:
Op 26 sep. 2014 16:34 schreef "Doug Newgard" firstname.lastname@example.org: [...]
Instead of theorizing that "many" will do this, give a real world
example of where this happens and would have reduced the attack surface of the bug in question.
One of the very few examples that sound reasonable, is dhclient. Apparently, that can be readily used for this bug to be exploited. Sounds like more of problem with dhclient, though.
I agree that there's a lot of fud out there about this bug; once found (or perhaps: cve assigned), the patches came quickly, so that actually looks quite good for bash!
Switching /bin/sh to dash has been discussed before and we can spend a lot of e-mails on that, but as usual it's up to devs to implement it as such, or not.
Just my E0, 02