Dash as default shell

Chris Adams linux at cmadams.net
Thu Oct 2 03:19:18 UTC 2014


Once upon a time, Rahul Sundaram <metherid at gmail.com> said:
> Is it worth considering using Dash as the default (non-interactive) shell
> in Fedora?  Other distributions including Ubuntu and Debian (
> https://lwn.net/Articles/343924/) have been using dash as the default shell
> and Android uses mksh.  While this appears to have been done primarily to
> increase bootup efficiency (which is not relevant with systemd), it might
> help with security

To clarify what I think you are proposing, you want to put dash in the
core package set, and change the /bin/sh symlink (used as the script
interpreter) from bash to dash.

Here's my opinion (for the nothing that it is worth) about changing
/bin/sh for security: first somebody would need to do a security review
of dash to "prove" (for some value of "prove") that it is better (for
some value of better) than bash.  After all, bash has been around for a
long time now, and as far as I can remember, this is the first security
incident with it that relates to using it as the /bin/sh script
interpreter.  It now has a significant amount of attention to look for
more of course.

To be proven better (and worthy of replacing bash as /bin/sh), dash
would need at least as much scrutiny.  dash is roughly the same age as
bash (both just over 25 years old), so "newer" or "older" isn't really a
factor.

One thing that might be a good topic for consideration: is there a
reasonable way to allow different implementations to take the /bin/sh
symlink?  Could this be handled through the alternatives system, so that
admins could choose bash vs. dash vs. whatever?  In theory now, /bin/sh
is not as critical to system startup with systemd (although I expect
there are still scripts that are called in various places).

-- 
Chris Adams <linux at cmadams.net>

