You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Pedro Giffuni (JIRA)" <ji...@apache.org> on 2014/09/28 23:18:35 UTC
[jira] [Commented] (HADOOP-10797) Hardcoded path to "bash" is not
portable
[ https://issues.apache.org/jira/browse/HADOOP-10797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14151220#comment-14151220 ]
Pedro Giffuni commented on HADOOP-10797:
----------------------------------------
I wanted to clarify that the issue here is not *BSD (or Solaris, which is supposed to be the best platform for Java development) but the unnecessary dependency on a copyleft tool:
http://www.apache.org/legal/resolved.html#category-x
In light of the "ShellShock" vulnerability this discussion takes a new twist, though. It is not clear if this is the only vulnerability that will be found so it would be better to not depend on a specific shell.
Checkbashisms is your friend:
http://sourceforge.net/projects/checkbaskisms/
> Hardcoded path to "bash" is not portable
> ----------------------------------------
>
> Key: HADOOP-10797
> URL: https://issues.apache.org/jira/browse/HADOOP-10797
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.4.1
> Reporter: Dmitry Sivachenko
> Attachments: bash.patch
>
>
> Most of shell scripts use shebang ling in the following format:
> #!/usr/bin/env bash
> But some scripts contain hardcoded "/bin/bash" which is not portable.
> Please use #!/usr/bin/env bash instead for portability.
> PS: it would be much better to switch to standard Bourne Shell /bin/sh, do these scripts really need bash?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)