[OpenIndiana-discuss] Bash bug issue
The Outsider
openindiana at out-side.nl
Mon Oct 6 17:58:11 UTC 2014
Search q-nap & shellshock and you see how deep this goes...
On 6 oktober 2014 19:28:00 David Brodbeck <brodbd at uw.edu> wrote:
> On Thu, Oct 2, 2014 at 8:12 AM, Alan Coopersmith <
> alan.coopersmith at oracle.com> wrote:
>
> > On 10/ 2/14 07:00 AM, Brandon Hume wrote:
> >
> >> On many (most? all?) Linuxes, /bin/sh *is* /bin/bash.
> >>
> >
> > Many, but not all - the Debian family and some others use a lighter weight,
> > POSIX compatible shell instead, dash, the Debian Almquist Shell; and many
> > embedded distros use BusyBox instead.
> >
> > https://en.wikipedia.org/wiki/Almquist_shell
> > http://lwn.net/Articles/343924/
>
>
>
> A big driver of this was faster boot, since boot scripts run on /bin/sh.
> On some systems the startup time for all those bash processes was a
> considerable portion of the total boot time.
>
> Note: It's not enough to make sure no CGI scripts are being run with
> /bin/bash. You also need to make sure no bash processes are being launched
> by other scripts, since many scripting languages launch a shell to run
> external commands. Unless the environment is explicitly cleared these are
> likely to inherit the environment of the calling process, with all the
> nasties in it.
>
> --
> D. Brodbeck
> System Administrator, Linguistics
> University of Washington
> GPG key fingerprint: 0DB7 4B50 8910 DBC5 B510 79C4 3970 2BC3 2078 D875
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
More information about the openindiana-discuss
mailing list