Search q-nap & shellshock and you see how deep this goes...
On 6 oktober 2014 19:28:00 David Brodbeck <bro...@uw.edu> wrote:
On Thu, Oct 2, 2014 at 8:12 AM, Alan Coopersmith < alan.coopersm...@oracle.com> wrote: > On 10/ 2/14 07:00 AM, Brandon Hume wrote: > >> On many (most? all?) Linuxes, /bin/sh *is* /bin/bash. >> > > Many, but not all - the Debian family and some others use a lighter weight, > POSIX compatible shell instead, dash, the Debian Almquist Shell; and many > embedded distros use BusyBox instead. > > https://en.wikipedia.org/wiki/Almquist_shell > http://lwn.net/Articles/343924/ A big driver of this was faster boot, since boot scripts run on /bin/sh. On some systems the startup time for all those bash processes was a considerable portion of the total boot time. Note: It's not enough to make sure no CGI scripts are being run with /bin/bash. You also need to make sure no bash processes are being launched by other scripts, since many scripting languages launch a shell to run external commands. Unless the environment is explicitly cleared these are likely to inherit the environment of the calling process, with all the nasties in it. -- D. Brodbeck System Administrator, Linguistics University of Washington GPG key fingerprint: 0DB7 4B50 8910 DBC5 B510 79C4 3970 2BC3 2078 D875 _______________________________________________ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
_______________________________________________ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss