On 2 October 2014 17:13, Ralf Corsepius <rc040203@xxxxxxxxxx> wrote:
> On 10/02/2014 03:07 PM, Rahul Sundaram wrote:
>>
>> Hi
>>
>> On Thu, Oct 2, 2014 at 8:59 AM, Chris Adams wrote:
>>
>>
>> If that's the case, why do we have the /bin/sh symlink? Just remove it
>> and make the bash dependency explicit (so everything has to call
>> /bin/bash).
>>
>>
>> I understand this is a rhetorical argument but the symlink exists
>> because it is required by things like system()
>
>
> No. /bin/sh is supposed to be a POSIX-compatible shell.
>
> I.e. scripts using "#!/bin/sh" shebang rely upon being interpreted
> POSIX-correctly and not to use any feature diverging from POSIX.
>
>
> As bash implements a superset of POSIX, it changes its behavior to a more
> POSIX-compliant behavior depending upon the name it is being invoked.
>

More POSIX compliant maybe, but still providing extensions. Otherwise
changing sh to another POSIX compliant shell would not cause people to
worry about /bin/sh scripts that would be broken by the change.

Whether bash or dash is more secure (and don't discount the fact that
Debian and Ubuntu mean there is effort going into dash), it's not a
great argument that /bin/sh should be bash to support scripts that
incorrectly use sh when they mean bash. From the point of view of
specifying dependencies, interoperability, even potentially security
auditing, if it needs bash it should specify bash. This makes sense
when you consider:

1. shellshock. A temporary workaround if /sh could be changed to a
different shell without breaking things would have been to do that
until patches came out. This applies whatever the default shell is.

2. Lightweight. It may make sense to change to dash by default, it
might not, but if sh means sh then people building minimal systems can
make that choice themselves and easily see (by grepping /bin/bash)
whether they're going to hit a problem. Applies for something like ash
or other alternatives too.

3. Portability. BSD, Debian, Ubuntu don't use bash. It really is the
case that there is still an API for sh and it's not bash.

-- 
imalone
http://ibmalone.blogspot.co.uk
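
Added example, not part of the original message: the check mentioned in point 2 (grepping for /bin/bash to see which scripts depend on bash) extended into a small POSIX sh audit that also flags `#!/bin/sh` scripts containing common bash-only syntax. The function names, the pattern list (a heuristic, not a full POSIX conformance check) and the sample scripts are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread): classify scripts by shebang and flag
# "#!/bin/sh" scripts that contain common bash-only syntax.
# The pattern list is a small heuristic chosen for this example.

has_bashism() {
    # Ignore comment lines (this also skips the shebang itself).
    grep -v '^[[:space:]]*#' "$1" | grep -Eq \
        -e '\[\[[[:space:]]' \
        -e '^[[:space:]]*function[[:space:]]+[A-Za-z_]' \
        -e '<<<' \
        -e '(^|[[:space:];])[A-Za-z_][A-Za-z0-9_]*=\(' \
        -e '\$\{[A-Za-z_][A-Za-z0-9_]*\[' \
        -e '(^|[;&|][[:space:]]*)source[[:space:]]'
}

classify_script() {
    # Prints one of: bash, sh-bashism, sh-clean, other
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')
    case $first in
        '#!'*bash*) echo bash ;;
        '#!/bin/sh'|'#!/bin/sh '*|'#! /bin/sh'*|'#!/usr/bin/env sh'*)
            if has_bashism "$1"; then echo sh-bashism; else echo sh-clean; fi ;;
        *) echo other ;;
    esac
}

audit_tree() {
    # One "class path" line per regular file under $1.
    find "$1" -type f | sort | while IFS= read -r f; do
        printf '%s %s\n' "$(classify_script "$f")" "$f"
    done
}

# Constructed sample scripts, written to a temporary directory.
demo=$(mktemp -d)
printf '%s\n' '#!/bin/bash' 'arr=(a b); echo "${arr[0]}"' > "$demo/explicit-bash"
printf '%s\n' '#!/bin/sh' 'if [[ -n $1 ]]; then echo set; fi' > "$demo/sh-double-bracket"
printf '%s\n' '#!/bin/sh' '# [[ only in a comment' '[ -n "$1" ] && echo set' > "$demo/sh-posix"
printf '%s\n' '#!/usr/bin/python3' 'print("x")' > "$demo/not-shell"
audit_tree "$demo"
rm -rf "$demo"
```

Lines reported as `sh-bashism` are the scripts that would break if /bin/sh pointed at a different shell; `bash` lines are the explicit dependencies a minimal system has to keep.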