Dash as default shell

[Suchakra]

Hi,

On Thu, Oct 2, 2014 at 8:49 AM, Chris Adams <linux at cmadams.net> wrote:
> Once upon a time, Rahul Sundaram <metherid at gmail.com> said:
>> Is it worth considering using Dash as the default (non-interactive) shell
>> in Fedora?  Other distributions including Ubuntu and Debian (
>> https://lwn.net/Articles/343924/) have been using dash as the default shell
>> and Android uses mksh.  While this appears to have been done primary to
>> increase bootup efficiency (which is not relevant with systemd), it might
>> help with security

I know not of those various reasons why in Debian and friends, dash is
the shell that stuck. However, I think there would definitely not be
any promising/appreciable bootup boost on switching the default shells
on modern systems.

> To be proven better (and worthy of replacing bash as /bin/sh), dash
> would need at least as much scrutiny.  dash is roughly the same age as
> bash (both just over 25 years old), so "newer" or "older" isn't really a
> factor.

As for the matter of security, I agree with this view. Such
vulnerabilities on these long time stable shells may not be evident
superficially.

> Could this be handled through the alternatives system, so that
> admins could choose bash vs. dash vs. whatever?  In theory now, /bin/sh
> is not as critical to system startup with systemd (although I expect
> there are still scripts that called in various places).

I also thought about this sometime back that it would be nice on
server (or maybe even desktop) based systems to have dash and having a
provision to switch is worth exploring.

As for embedded systems/android, the choice of shells is not a major
matter as they use highly modified and optimized versions (including
shells) and the security vulnerability is usually not a prime concern
there. So we may keep the others out of the picture (unless Fedora ARM
is interested in this as well)

--
Suchakra