Re: A good time to switch to dash as /bin/sh?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Fri, Sep 26, 2014, at 10:29 PM, Doug Newgard wrote:
> Now my question for everyone else is, what will people do *WHEN* a bug 
> is found in dash? Bash is the most tested shell code base we have, and I 
> don't buy into the fallacy that a smaller code base is inherently more 
> secure. Or are you simply relying on security through obscurity?
> Email had 1 attachment:
> + pubkey.asc
>   1k (text/plain)

Dash has Debian in its very name. It's the Debian Almquist Shell. Ubuntu
also uses it. It might not be as tested as bash, but that doesn't mean
it's very rare. I don't think this falls under security through
obscurity. Ubuntu and Debian also shifted to it quite a long while back
(it has been more than 5 years now). Dash comes from Ash (Almquist
Shell), which is from the 90s. The codebase is hardly new.

And as for what people will do, why, they will report it like always.
Has Arch ever encouraged anything else?

-- 
Cheers!
Savya


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux