UsrMove feature (was Re: FESCo meeting minutes for 2011-10-24)

MichaƂ Piotrowski mkkp4x4 at gmail.com
Tue Oct 25 19:45:27 UTC 2011 

2011/10/25 Daniel J Walsh <dwalsh at redhat.com>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 10/25/2011 03:21 PM, Adam Williamson wrote:
>> On Tue, 2011-10-25 at 20:39 +0200, Michał Piotrowski wrote:
>>> 2011/10/25 Richard W.M. Jones <rjones at redhat.com>:
>>>> On Tue, Oct 25, 2011 at 08:33:28PM +0200, Michał Piotrowski
>>>> wrote:
>>>>> 2011/10/25 Chris Adams <cmadams at hiwaay.net>:
>>>>>> Once upon a time, Michał Piotrowski <mkkp4x4 at gmail.com>
>>>>>> said:
>>>>>>> I created feature page
>>>>>>> https://fedoraproject.org/wiki/Features/F18MorePortableInterpreters
>>>>>>
>>>>>>
>>>>>>>
> I strongly object to this "feature".  /bin/sh is a Unix standard back to
>>>>>> IIRC around 7th Edition, and there is NO good reason to
>>>>>> break it.  The "#!/usr/bin/env foo" suggested replacement
>>>>>> has always been a hack to work around broken systems, not
>>>>>> something suggested for all scripts.
>>>>>
>>>>> What is wrong with #!/usr/bin/env interpreter from technical
>>>>> POV?
>>>>
>>>> This is what's wrong:
>>>>
>>>> $ cat > sh.sh #!/bin/sh $ cat > env.sh #!/usr/bin/env sh $
>>>> chmod +x sh.sh env.sh $ time for i in $(seq 1000); do ./sh.sh;
>>>> done
>>>>
>>>> real            0m2.737s user            0m0.750s sys
>>>> 0m1.519s $ time for i in $(seq 1000); do ./env.sh; done
>>>>
>>>> real            0m3.677s user            0m1.013s sys
>>>> 0m2.296s
>>>>
>>>
>>> Yeah, it is noticeably slower - about 0,00094s.
>>
>> Uh. ~2.7secs vs. ~3.7 secs is nearly one entire second, not one
>> tiny tiny fraction of a second, isn't it?
>
>
> There are also possible Security ramifications of allowing the
> interpreter to be replaced, users could stumble upon this.
>
> Python even tries to prevent this with the -Es qualifier.
>
> man python
> ...
>       -s     Don't add user site directory to sys.path.
>       -E     Ignore environment variables like PYTHONPATH and
> PYTHONHOME that
>              modify the behavior of the interpreter.
>
> I think putting
> #!/usr/bin/env interpreter
> is a very bad idea for administrative tools.
>

It seems that this idea has real technical disadvantages:
- possible security problems
- slower execution of scripts
- inability to pass an argument to interpreter
- random problems caused by using of local interpreter
- the need for modification of 5000+ packages

Harald, game is not worth the candle.

-- 
Best regards,
Michal

http://eventhorizon.pl/

More information about the devel mailing list