popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.