[UFO Chicago] The Bash Bug and the OpenSSL Bug

Neil R. Ormos ormos at ripco.com
Fri Oct 31 09:49:20 PDT 2014


jay at m5.chicago.il.us wrote:

> Specifically, I have been wanting to have a
> speaker at the Chicago C/C++ Users' Group who
> would give a presentation on the bash bug, [...]
> And if that topic is too short to devote an
> entire meeting to it, we could couple it with a
> presentation of the OpenSSL bug, [...]  This was
> arguably worse than the bash bug, because the
> bash bug affected only one program (albeit the
> single most frequently-invoked program in all of
> Unix), [...]

It is true that bash is the single most
frequently-invoked program in all of Unix?

I'm not sure it's even the most frequently-invoked
shell.

If by "Unix" you're referring to commercial Unix,
most "system" scripts (i.e., those not written by
the end user) have traditionally invoked /bin/sh,
which historically hasn't been bash, though
perhaps commercial Unix products more recent than
what I use have changed that.

If you're referring to operating systems based on
the Linux kernel, while some system scripts
explicitly use bash, many more use /bin/sh, so the
shell that's actually invoked is up to the
distribution.  At least for Debian and its
derivatives, I believe /bin/sh is symlinked to
dash.

I don't know what the various BSD flavors use.

But "market share" doesn't really tell us which
shell is actually (dynamically) invoked the
most. I wonder how one could figure that out
without some sort of instrumentation.


More information about the ufo mailing list