[UFO Chicago] The Bash Bug and the OpenSSL Bug
Neil R. Ormos
ormos at ripco.com
Fri Oct 31 09:49:20 PDT 2014
jay at m5.chicago.il.us wrote:
> Specifically, I have been wanting to have a
> speaker at the Chicago C/C++ Users' Group who
> would give a presentation on the bash bug, [...]
> And if that topic is too short to devote an
> entire meeting to it, we could couple it with a
> presentation of the OpenSSL bug, [...] This was
> arguably worse than the bash bug, because the
> bash bug affected only one program (albeit the
> single most frequently-invoked program in all of
> Unix), [...]
It is true that bash is the single most
frequently-invoked program in all of Unix?
I'm not sure it's even the most frequently-invoked
shell.
If by "Unix" you're referring to commercial Unix,
most "system" scripts (i.e., those not written by
the end user) have traditionally invoked /bin/sh,
which historically hasn't been bash, though
perhaps commercial Unix products more recent than
what I use have changed that.
If you're referring to operating systems based on
the Linux kernel, while some system scripts
explicitly use bash, many more use /bin/sh, so the
shell that's actually invoked is up to the
distribution. At least for Debian and its
derivatives, I believe /bin/sh is symlinked to
dash.
I don't know what the various BSD flavors use.
But "market share" doesn't really tell us which
shell is actually (dynamically) invoked the
most. I wonder how one could figure that out
without some sort of instrumentation.
More information about the ufo
mailing list