Comment # 6 on bug 910500 from grant k

> It looks like this bug makes it possible to execute arbitrary shell commands as > root by including them in an MD_NAME, for example
> 
>         MD_NAME=; rm -rf /

if true, cc'ing security-team