On Fri, Sep 26, 2014, at 02:52 PM, lolilolicon wrote:
> On Fri, Sep 26, 2014 at 4:20 PM, Martti Kühne <mysatyre@xxxxxxxxx> wrote:
> [...]
> > Despite that I'm still not convinced as to why
> > the issue in question is such a big deal, I must say it's unlikely
> > we're better off with a less active, less used shell.
>
> Put simply, bash has too much bloat. That includes obscure dark corners
> like function export/import, where bash interprets an ENV whose value
> starts with '() {' as a function definition. And this behavior is not
> inhibited even when bash is invoked as sh.
>
> In contrast, a minimal implementation of the POSIX shell implements only
> such well defined features. That means security people know where to
> look for bugs. Being Minimal in itself also promises fewer bugs.
>
> I do not have hard numbers about dash; but I think it's to be trusted.
> It has a long history. It's maintained. It's not being actively
> developed, because it does not have features to add, and it does not
> have bugs to fix that resulted from added features. It's used by
> debian-based distros as /bin/sh so it's not exactly lacking testing.
>
> The only real "cultural incompatibility" I see in Arch's switching to
> dash as /bin/sh is that dash is "too Debian". dash is "feature
> complete"; it's not going to push the POSIX shell standard forward. That
> it *follows* the standard. That it's not bleeding edge.
>
> But who wants /bin/sh to bleed?

I just ran the "checkbashisms" script from the AUR on my /usr/bin using
the command from the wiki:

    # checkbashisms -f -p $(grep -rlE '^#! ?/bin/(env )?sh' /usr/bin)

which revealed 470 instances of putative bashisms in scripts using
#!/bin/sh. Assuming that these bashisms all come from upstream, patching
and maintaining them would be a chore. To be clear, I'm not against what
you're saying, I'm just saying that making and maintaining that
transition would be difficult.

I have 761 packages installed on my system, and I get 470 instances of
putative bashisms. I'm guessing there will be others for whom this
number will be far greater.

--
Cheers!
Savya
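For anyone repeating the audit described in the message above, the following is an added example, not part of the original message or the wiki: it selects files by their first line only and copes with spaces in file names, which the `grep -rl` inside `$(...)` form does not. The function names are hypothetical, and also accepting `/usr/bin/env sh` and `/usr/bin/sh` is an assumption made here.

```shell
#!/bin/sh
# Added example (hypothetical helper names): find scripts that really run
# under /bin/sh, then hand each one to checkbashisms.

# Succeeds if the FIRST line of "$1" is an sh shebang, e.g.
#   #!/bin/sh   #! /bin/sh   #!/bin/env sh   #!/usr/bin/env sh   #!/bin/sh -e
# A "#!/bin/sh" string further down the file does not count.
is_sh_script() {
    head -n 1 -- "$1" 2>/dev/null |
        LC_ALL=C grep -qE '^#! ?(/usr)?/bin/(env )?sh( |$)'
}

# Prints one path per line for every sh script below directory "$1".
# Paths containing spaces are handled; paths containing newlines are not.
list_sh_scripts() {
    find "$1" -type f | while IFS= read -r f; do
        if is_sh_script "$f"; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# Runs checkbashisms (same -f -p flags as the command in the message) on
# each sh script below "$1". Returns 127 if the tool is not installed.
scan_bashisms() {
    if ! command -v checkbashisms >/dev/null 2>&1; then
        echo "checkbashisms is not installed" >&2
        return 127
    fi
    list_sh_scripts "$1" | while IFS= read -r f; do
        checkbashisms -f -p "$f"
    done
}

# Typical use, after sourcing this file:
#   list_sh_scripts /usr/bin | wc -l    # how many scripts depend on /bin/sh
#   scan_bashisms /usr/bin              # what would break under a strict sh
```

Comparing the `list_sh_scripts` count with the number of flagged files gives a rough measure of how much of the `/bin/sh` script population depends on bash-only behaviour.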