UsrMove feature (was Re: FESCo meeting minutes for 2011-10-24)
MichaĆ Piotrowski
mkkp4x4 at gmail.com
Tue Oct 25 19:45:27 UTC 2011
2011/10/25 Daniel J Walsh <dwalsh at redhat.com>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 10/25/2011 03:21 PM, Adam Williamson wrote:
>> On Tue, 2011-10-25 at 20:39 +0200, Michał Piotrowski wrote:
>>> 2011/10/25 Richard W.M. Jones <rjones at redhat.com>:
>>>> On Tue, Oct 25, 2011 at 08:33:28PM +0200, Michał Piotrowski
>>>> wrote:
>>>>> 2011/10/25 Chris Adams <cmadams at hiwaay.net>:
>>>>>> Once upon a time, Michał Piotrowski <mkkp4x4 at gmail.com>
>>>>>> said:
>>>>>>> I created feature page
>>>>>>> https://fedoraproject.org/wiki/Features/F18MorePortableInterpreters
>>>>>>
>>>>>>
>>>>>>>
> I strongly object to this "feature". /bin/sh is a Unix standard back to
>>>>>> IIRC around 7th Edition, and there is NO good reason to
>>>>>> break it. The "#!/usr/bin/env foo" suggested replacement
>>>>>> has always been a hack to work around broken systems, not
>>>>>> something suggested for all scripts.
>>>>>
>>>>> What is wrong with #!/usr/bin/env interpreter from technical
>>>>> POV?
>>>>
>>>> This is what's wrong:
>>>>
>>>> $ cat > sh.sh #!/bin/sh $ cat > env.sh #!/usr/bin/env sh $
>>>> chmod +x sh.sh env.sh $ time for i in $(seq 1000); do ./sh.sh;
>>>> done
>>>>
>>>> real 0m2.737s user 0m0.750s sys
>>>> 0m1.519s $ time for i in $(seq 1000); do ./env.sh; done
>>>>
>>>> real 0m3.677s user 0m1.013s sys
>>>> 0m2.296s
>>>>
>>>
>>> Yeah, it is noticeably slower - about 0,00094s.
>>
>> Uh. ~2.7secs vs. ~3.7 secs is nearly one entire second, not one
>> tiny tiny fraction of a second, isn't it?
>
>
> There are also possible Security ramifications of allowing the
> interpreter to be replaced, users could stumble upon this.
>
> Python even tries to prevent this with the -Es qualifier.
>
> man python
> ...
> -s Don't add user site directory to sys.path.
> -E Ignore environment variables like PYTHONPATH and
> PYTHONHOME that
> modify the behavior of the interpreter.
>
> I think putting
> #!/usr/bin/env interpreter
> is a very bad idea for administrative tools.
>
It seems that this idea has real technical disadvantages:
- possible security problems
- slower execution of scripts
- inability to pass an argument to interpreter
- random problems caused by using of local interpreter
- the need for modification of 5000+ packages
Harald, game is not worth the candle.
--
Best regards,
Michal
http://eventhorizon.pl/
More information about the devel
mailing list