2026-06-14 –, Piedmont 1-3 (anywAIR Ballroom)
Bash scripts run the world but each is an injection vulnerability waiting to happen. sash compiles a safe subset to static native binaries - taint tracking, no eval, no word splitting, no injection. Your scripts, made safe.
What constructs make bash unsafe? Can you leave the interpreter behind? Can you pass the security review? This talk answers all three: a subset that expresses intent explicitly, clear trust boundaries, and small static binaries. With live demos.
Dan Good is a principal engineer in Microsoft's Linux Systems Group. He's been working with Unix since 1990 and has spoken at SELF on regex, bash, Forth, and APL. He lives in Marietta, Georgia, and builds compilers and climbs crags for fun.