[
https://issues.apache.org/jira/browse/HADOOP-10797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14151220#comment-14151220
]
Pedro Giffuni commented on HADOOP-10797:
----------------------------------------
I wanted to clarify that the issue here is not *BSD (or Solaris, which is
supposed to be the best platform for Java development) but the unnecessary
dependency on a copyleft tool:
http://www.apache.org/legal/resolved.html#category-x
In light of the "ShellShock" vulnerability this discussion takes a new twist,
though. It is not clear if this is the only vulnerability that will be found so
it would be better to not depend on a specific shell.
Checkbashisms is your friend:
http://sourceforge.net/projects/checkbaskisms/
> Hardcoded path to "bash" is not portable
> ----------------------------------------
>
> Key: HADOOP-10797
> URL: https://issues.apache.org/jira/browse/HADOOP-10797
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.4.1
> Reporter: Dmitry Sivachenko
> Attachments: bash.patch
>
>
> Most of shell scripts use shebang ling in the following format:
> #!/usr/bin/env bash
> But some scripts contain hardcoded "/bin/bash" which is not portable.
> Please use #!/usr/bin/env bash instead for portability.
> PS: it would be much better to switch to standard Bourne Shell /bin/sh, do
> these scripts really need bash?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
