You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Pedro Giffuni (JIRA)" <ji...@apache.org> on 2014/09/28 23:18:35 UTC

[jira] [Commented] (HADOOP-10797) Hardcoded path to "bash" is not portable

    [ https://issues.apache.org/jira/browse/HADOOP-10797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14151220#comment-14151220 ] 

Pedro Giffuni commented on HADOOP-10797:
----------------------------------------

I wanted to clarify that the issue here is not *BSD (or Solaris, which is supposed to be the best platform for Java development) but the unnecessary dependency on a copyleft tool:
http://www.apache.org/legal/resolved.html#category-x

In light of the "ShellShock" vulnerability this discussion takes a new twist, though. It is not clear if this is the only vulnerability that will be found so it would be better to not depend on a specific shell.

Checkbashisms is your friend:
http://sourceforge.net/projects/checkbaskisms/


> Hardcoded path to "bash" is not portable
> ----------------------------------------
>
>                 Key: HADOOP-10797
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10797
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.4.1
>            Reporter: Dmitry Sivachenko
>         Attachments: bash.patch
>
>
> Most of shell scripts use shebang ling in the following format:
> #!/usr/bin/env bash
> But some scripts contain hardcoded "/bin/bash" which is not portable.
> Please use #!/usr/bin/env bash instead for portability.
> PS: it would be much better to switch to standard Bourne Shell /bin/sh, do these scripts really need bash?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)