Dash as default shell
Tomasz Torcz
tomek at pipebreaker.pl
Thu Oct 2 07:14:43 UTC 2014
On Thu, Oct 02, 2014 at 08:33:23AM +0200, Lennart Poettering wrote:
> On Wed, 01.10.14 22:39, Rahul Sundaram (metherid at gmail.com) wrote:
>
> > Hi
> >
> > Is it worth considering using Dash as the default (non-interactive) shell
> > in Fedora? Other distributions including Ubuntu and Debian (
> > https://lwn.net/Articles/343924/) have been using dash as the default shell
> > and Android uses mksh. While this appears to have been done primary to
> > increase bootup efficiency (which is not relevant with systemd), it might
> > help with security
> >
> > Since the recent Shellshock aka Bashdoor vulnerability, there have been
> > some discussions about more distributions switching over (
> > http://lwn.net/SubscriberLink/614218/019d9a52b0eaae3d/) and I was wondering
> > whether it is worth considering for Fedora? FWIW, both dash and mksh is
> > already packaged in Fedora.
>
> This sounds really wrong to me.
>
> If you change /bin/sh to dash, then you'll have to map two shell
> binaries into memory (since the login shell is going to stay on bash),
> hence the resource usage grows. You increase the number of packages
> and minimal footprint of our OS images since we need to install one
> more package. You also increase the attack surface, since there'll be
> two shells running. You have to maintain + security-fix more code,
/bin/sh isn't supposed to "stay in memory". It's for one-off scripts,
not for interactive use.
> since you have two packages to look after (Yes, by adding dash to the
> default stack you just put the extra burden on Fedora to quickly
> update two packages instead of just one in case of a security
Only if bash and dash share exactly the same security problems. Which
seems unlikely.
> problem). You create a *lot* of porting work for all those
Ubuntu/Debian did a lot of porting/cleanup work in the years after
switching away from bash. We can assume all this proting went upstream
and we can just ride on their work.
> scripts. You *break* all scripts that currently reference /bin/sh in
> the shebang-line but use bashisms. Also, many of the bashisms are
> actually pretty useful, hence you replace a more powerful language by
> a crappier one. You create an entirely new problem for our users, by
> making them *think* whether they actually mean /bin/sh or
> /bin/bash. You confuse users by disallowing certain expressions in
> scripts that work fine if you type them on the interactive shell.
>
> So, in order to keep things simpler, faster, more secure, more
> maintainable, more compatible, let's please stick with one shell and
> one shell only, and let's stay with bash. Thank you.
So we shouldn't diverge from dash as /bin/sh? There are probably more
Debian+Ubuntu servers than Fedora servers, so majority of systems have dash.
"Staying" with bash would mean diverging from majority.
--
Tomasz Torcz ,,If you try to upissue this patchset I shall be seeking
xmpp: zdzichubg at chrome.pl an IP-routable hand grenade.'' -- Andrew Morton (LKML)
More information about the devel
mailing list