Re: Dash as default shell

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Oct 01, 2014 at 10:39:04PM -0400, Rahul Sundaram wrote:
> Hi
> 
> Is it worth considering using Dash as the default (non-interactive) shell
> in Fedora?  Other distributions including Ubuntu and Debian (
> https://lwn.net/Articles/343924/) have been using dash as the default shell
> and Android uses mksh.  While this appears to have been done primary to
> increase bootup efficiency (which is not relevant with systemd), it might
> help with security

[Quoting an email I sent internally in Red Hat]

Changing the default /bin/sh is going to break the world.

I've never understood the reasoning for Debian using a useless shell
for /bin/sh instead of the more pleasant, full-featured bash.

For Ubuntu the stated reason to follow Debian was pretty bogus[1] --
using dash instead of bash was thought to save some time in SysV init
scripts, and by changing the default shell they wouldn't need them to
change all the scripts from #!/bin/sh -> #!/bin/dash because using a
recursive search and replace is far too arduous.  The actual saving
was never AFAIK quantified, but I doubt it was measurable.  In any
case this is irrelevant for systemd.

It doesn't even avoid Debian & Ubuntu having a security problem, since
they still need to fix bash.

[1] https://wiki.ubuntu.com/DashAsBinSh

</quote>

> Since the recent Shellshock aka Bashdoor vulnerability, there have been
> some discussions about more distributions switching over (
> http://lwn.net/SubscriberLink/614218/019d9a52b0eaae3d/) and I was wondering
> whether it is worth considering for Fedora?  FWIW, both dash and mksh is
> already packaged in Fedora.

bash had a vulnerability - a bit stupid in hindsight, but no one
spotted it for 20-odd years.  And it's been fixed.

What makes you think the dash doesn't have vulnerabilities too?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux