[OpenIndiana-discuss] Bash bug issue

David Brodbeck brodbd at uw.edu
Mon Oct 6 17:21:43 UTC 2014


On Thu, Oct 2, 2014 at 8:12 AM, Alan Coopersmith <
alan.coopersmith at oracle.com> wrote:

> On 10/ 2/14 07:00 AM, Brandon Hume wrote:
>
>> On many (most?  all?) Linuxes, /bin/sh *is* /bin/bash.
>>
>
> Many, but not all - the Debian family and some others use a lighter weight,
> POSIX compatible shell instead, dash, the Debian Almquist Shell; and many
> embedded distros use BusyBox instead.
>
> https://en.wikipedia.org/wiki/Almquist_shell
> http://lwn.net/Articles/343924/



A big driver of this was faster boot, since boot scripts run on /bin/sh.
On some systems the startup time for all those bash processes was a
considerable portion of the total boot time.

Note: It's not enough to make sure no CGI scripts are being run with
/bin/bash.  You also need to make sure no bash processes are being launched
by other scripts, since many scripting languages launch a shell to run
external commands.  Unless the environment is explicitly cleared these are
likely to inherit the environment of the calling process, with all the
nasties in it.

-- 
D. Brodbeck
System Administrator, Linguistics
University of Washington
GPG key fingerprint: 0DB7 4B50 8910 DBC5 B510 79C4 3970 2BC3 2078 D875


More information about the openindiana-discuss mailing list