On Thu, Oct 02, 2014 at 08:33:23AM +0200, Lennart Poettering wrote: > On Wed, 01.10.14 22:39, Rahul Sundaram (metherid@xxxxxxxxx) wrote: > > > Hi > > > > Is it worth considering using Dash as the default (non-interactive) shell > > in Fedora? Other distributions including Ubuntu and Debian ( > > https://lwn.net/Articles/343924/) have been using dash as the default shell > > and Android uses mksh. While this appears to have been done primary to > > increase bootup efficiency (which is not relevant with systemd), it might > > help with security > > > > Since the recent Shellshock aka Bashdoor vulnerability, there have been > > some discussions about more distributions switching over ( > > http://lwn.net/SubscriberLink/614218/019d9a52b0eaae3d/) and I was wondering > > whether it is worth considering for Fedora? FWIW, both dash and mksh is > > already packaged in Fedora. > > This sounds really wrong to me. > > If you change /bin/sh to dash, then you'll have to map two shell > binaries into memory (since the login shell is going to stay on bash), > hence the resource usage grows. You increase the number of packages > and minimal footprint of our OS images since we need to install one > more package. You also increase the attack surface, since there'll be > two shells running. You have to maintain + security-fix more code, /bin/sh isn't supposed to "stay in memory". It's for one-off scripts, not for interactive use. > since you have two packages to look after (Yes, by adding dash to the > default stack you just put the extra burden on Fedora to quickly > update two packages instead of just one in case of a security Only if bash and dash share exactly the same security problems. Which seems unlikely. > problem). You create a *lot* of porting work for all those Ubuntu/Debian did a lot of porting/cleanup work in the years after switching away from bash. We can assume all this proting went upstream and we can just ride on their work. > scripts. You *break* all scripts that currently reference /bin/sh in > the shebang-line but use bashisms. Also, many of the bashisms are > actually pretty useful, hence you replace a more powerful language by > a crappier one. You create an entirely new problem for our users, by > making them *think* whether they actually mean /bin/sh or > /bin/bash. You confuse users by disallowing certain expressions in > scripts that work fine if you type them on the interactive shell. > > So, in order to keep things simpler, faster, more secure, more > maintainable, more compatible, let's please stick with one shell and > one shell only, and let's stay with bash. Thank you. So we shouldn't diverge from dash as /bin/sh? There are probably more Debian+Ubuntu servers than Fedora servers, so majority of systems have dash. "Staying" with bash would mean diverging from majority. -- Tomasz Torcz ,,If you try to upissue this patchset I shall be seeking xmpp: zdzichubg@xxxxxxxxx an IP-routable hand grenade.'' -- Andrew Morton (LKML) -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
