Comment 6 for bug 712662

Kees Cook (kees) wrote :

Well, as much as the shell is a separate class of execution environment, it seems the trouble is mostly with strict AppArmor profile writing. Metacharacter vulnerabilities would allow the execution of other tools that do allow networking (nc, perl, python, awk). The only kind of attack that would be exclusively solved would be when "$(`" are filtered, but not "<>". This seems like too small an attack surface to justify a delta from Debian, much less a delta from every other distribution.