COMMAND

    /bin/false shells

SYSTEMS AFFECTED

    Systems with /bin/false shells

PROBLEM

    This is old news, but it seem to be around still.  Wilhelm Mueller
    brought it up in gnu.bash.bug  in the sense of a  security related
    bug.

    Solaris 2.5.1 and 2.6:

        $ ln -s /usr/bin/true /tmp/e
        $ PATH=/tmp IFS=x /usr/bin/false
        $ echo $?
        0

    This  combined  with  the  habit  of  giving  non-login   accounts
    /bin/false as a shell feels dangerous.

SOLUTION

    Don't  give  /bin/false  shells  for  any account.  Solaris 2.next
    (after  2.6)  /bin/sh   will  no  longer   import  IFS  from   the
    environment.