On Wed, Oct 01, 2014 at 10:39:04PM -0400, Rahul Sundaram wrote: > Hi > > Is it worth considering using Dash as the default (non-interactive) shell > in Fedora? Other distributions including Ubuntu and Debian ( > https://lwn.net/Articles/343924/) have been using dash as the default shell > and Android uses mksh. While this appears to have been done primary to > increase bootup efficiency (which is not relevant with systemd), it might > help with security [Quoting an email I sent internally in Red Hat] Changing the default /bin/sh is going to break the world. I've never understood the reasoning for Debian using a useless shell for /bin/sh instead of the more pleasant, full-featured bash. For Ubuntu the stated reason to follow Debian was pretty bogus[1] -- using dash instead of bash was thought to save some time in SysV init scripts, and by changing the default shell they wouldn't need them to change all the scripts from #!/bin/sh -> #!/bin/dash because using a recursive search and replace is far too arduous. The actual saving was never AFAIK quantified, but I doubt it was measurable. In any case this is irrelevant for systemd. It doesn't even avoid Debian & Ubuntu having a security problem, since they still need to fix bash. [1] https://wiki.ubuntu.com/DashAsBinSh </quote> > Since the recent Shellshock aka Bashdoor vulnerability, there have been > some discussions about more distributions switching over ( > http://lwn.net/SubscriberLink/614218/019d9a52b0eaae3d/) and I was wondering > whether it is worth considering for Fedora? FWIW, both dash and mksh is > already packaged in Fedora. bash had a vulnerability - a bit stupid in hindsight, but no one spotted it for 20-odd years. And it's been fixed. What makes you think the dash doesn't have vulnerabilities too? Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-df lists disk usage of guests without needing to install any software inside the virtual machine. Supports Linux and Windows. http://people.redhat.com/~rjones/virt-df/ -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
