On 2014-09-26, William A Stein <[email protected]> wrote: > On Fri, Sep 26, 2014 at 7:06 AM, John Cremona <[email protected] ><javascript:;>> wrote: >> On 26 September 2014 14:59, Dima Pasechnik <[email protected] ><javascript:;>> wrote: >>> From the noises I hear, in particular on our departamental email, > sysadmins might be tempted to "rm -f /bin/bash" >>> from any place they can get their hands on. >>> >>> It might mean that for building/working with Sage one will need a > separate install of bash. >>> (or we should switch to another shell...) >> >> I just updated the ubuntu systems I administer and the problem went >> away. Here is a diagnistic I found online: >> >> jec@lmfdb:~$ x='() { :;}; echo VULNERABLE' bash -c : >> bash: warning: x: ignoring function definition attempt >> bash: error importing function definition for `x' >> >> On a vulnerable system, it outputs VULNERABLE. > > 1. John: My impression is that certain people are so panicked about this > (perhaps rightfully so, who knows), that they are paranoid > that even though the above worrisome behavior doesn't occur, something > similar will. > > 2. Dima -- do we specifically use bash features in the build scripts of > Sage?
Sage scripts have "!/usr/bin/env bash" all over the place. I don't know about 'bashisms' though - one should test on a Debian system, where bash is not essential, as they have a push to move to dash years already on. (and so removing bash and making it a symbolic link to dash). -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
