Report

CVE-2019-18276: Bash restricted-bypass via enable -f loading shared objects

8b9c89d6-451e-4c13-a7ff-fc9e168d2f59

CVE-2019-18276 affects bash-5.0. It consists of two interlinked restricted-mode bypass paths, both of which use the enable -f builtin to load an arbitrary shared object as a new builtin.

Path 1 (the path the CVE names: disable_priv_mode). When bash runs setuid (euid != uid), disable_priv_mode() in shell.c:1291-1310 drops the effective UID via setuid(real_uid) but does NOT set restricted=1. Because restricted==0, a script can call enable -f /evil.so. On POSIX systems where setuid() does not clear the saved UID, the loaded shared library can call seteuid(saved_euid) and restore the elevated privileges.

Path 2 (rbash startup window). shell.c:668-669 sets restricted=0 before the startup files are processed and restores it at line 709. While .bashrc is executing, enable -f /evil.so evil_cmd therefore succeeds (restricted==0), and the loaded builtin persists after the restriction is restored.
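As an added example (not bash's code and not part of this report), a small C program showing the root cause behind path 1: setuid(real_uid) from a process whose euid is not 0 leaves the saved UID in place, so seteuid(saved) can re-escalate, whereas setresuid() on all three IDs followed by a getresuid() read-back verifies that no residual privilege remains. It assumes Linux/glibc or BSD, where setresuid()/getresuid() exist.

```c
/* Added example, not bash's code: privilege-drop checks mirroring the root cause
 * of CVE-2019-18276. Assumes Linux/glibc or BSD, where setresuid()/getresuid()
 * exist; prototypes are repeated in case _GNU_SOURCE was not in effect earlier. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int setresuid(uid_t ruid, uid_t euid, uid_t suid);

/* 1 if the effective or saved UID still differs from the real UID (so a later
 * seteuid(saved) could re-escalate), 0 if all three match, -1 on error. */
int residual_privilege(void)
{
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0)
        return -1;
    return (e != r || s != r) ? 1 : 0;
}

/* The incomplete drop the report describes: from a process whose euid is not
 * 0, setuid(target) changes only the effective UID (POSIX semantics), leaving
 * the saved UID with its original value. Returns residual_privilege() afterwards. */
int incomplete_drop(uid_t target)
{
    if (setuid(target) != 0)
        return -1;
    return residual_privilege();
}

/* Complete drop: set real, effective and saved UID together, then read all
 * three back instead of trusting the return code. 0 on success, -1 otherwise. */
int complete_drop(uid_t target)
{
    uid_t r, e, s;
    if (setresuid(target, target, target) != 0 || getresuid(&r, &e, &s) != 0)
        return -1;
    return (r == target && e == target && s == target) ? 0 : -1;
}

int main(void)
{
    int dropped = complete_drop(getuid());
    printf("complete_drop -> %d, residual_privilege -> %d\n",
           dropped, residual_privilege());
    return 0;
}
```

Run as an ordinary user all three IDs already match, so both checks report 0; the difference between the two drop functions only shows in a setuid binary, where incomplete_drop() reports 1.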