CVE-2016-7543
http://lists.gnu.org/archive/html/bug-bash/2016-10/msg00009.html

diff -ru variables.c.orig variables.c
--- variables.c.orig
+++ variables.c
@@ -495,7 +495,11 @@
 #endif
       set_if_not ("PS2", secondary_prompt);
     }
-  set_if_not ("PS4", "+ ");
+
+  if (current_user.euid == 0)
+    bind_variable ("PS4", "+ ", 0);
+  else
+    set_if_not ("PS4", "+ ");

   /* Don't allow IFS to be imported from the environment. */
   temp_var = bind_variable ("IFS", " \t\n", 0);