Re: Be careful how you test
"The example exploit code does not necessarily work."
Fair point - it was testing whatever shell was your /bin/sh. I've tweaked the code to test /bin/sh and Bash explicitly. Bear in mind, on OS X, /bin/sh is Bash and not a symlink and is thus vulnerable.
C.