Dash as default shell

Tomasz Torcz tomek at pipebreaker.pl
Thu Oct 2 07:14:43 UTC 2014


On Thu, Oct 02, 2014 at 08:33:23AM +0200, Lennart Poettering wrote:
> On Wed, 01.10.14 22:39, Rahul Sundaram (metherid at gmail.com) wrote:
> 
> > Hi
> > 
> > Is it worth considering using Dash as the default (non-interactive) shell
> > in Fedora?  Other distributions including Ubuntu and Debian (
> > https://lwn.net/Articles/343924/) have been using dash as the default shell
> > and Android uses mksh.  While this appears to have been done primarily to
> > increase bootup efficiency (which is not relevant with systemd), it might
> > help with security
> > 
> > Since the recent Shellshock aka Bashdoor vulnerability, there have been
> > some discussions about more distributions switching over (
> > http://lwn.net/SubscriberLink/614218/019d9a52b0eaae3d/) and I was wondering
> > whether it is worth considering for Fedora?  FWIW, both dash and mksh are
> > already packaged in Fedora.
> 
> This sounds really wrong to me.
> 
> If you change /bin/sh to dash, then you'll have to map two shell
> binaries into memory (since the login shell is going to stay on bash),
> hence the resource usage grows. You increase the number of packages
> and minimal footprint of our OS images since we need to install one
> more package. You also increase the attack surface, since there'll be
> two shells running. You have to maintain + security-fix more code,

  /bin/sh isn't supposed to "stay in memory". It's for one-off scripts,
not for interactive use.

> since you have two packages to look after (Yes, by adding dash to the
> default stack you just put the extra burden on Fedora to quickly
> update two packages instead of just one in case of a security
 
  Only if bash and dash share exactly the same security problems. Which
seems unlikely.

> problem). You create a *lot* of porting work for all those

  Ubuntu/Debian did a lot of porting/cleanup work in the years after
switching away from bash. We can assume all this porting went upstream
and we can just ride on their work.

> scripts. You *break* all scripts that currently reference /bin/sh in
> the shebang-line but use bashisms. Also, many of the bashisms are
> actually pretty useful, hence you replace a more powerful language by
> a crappier one. You create an entirely new problem for our users, by
> making them *think* whether they actually mean /bin/sh or
> /bin/bash. You confuse users by disallowing certain expressions in
> scripts that work fine if you type them on the interactive shell.
> 
> So, in order to keep things simpler, faster, more secure, more
> maintainable, more compatible, let's please stick with one shell and
> one shell only, and let's stay with bash. Thank you.

  So we shouldn't diverge from dash as /bin/sh?  There are probably more
Debian+Ubuntu servers than Fedora servers, so the majority of systems have dash.
"Staying" with bash would mean diverging from the majority.

-- 
Tomasz Torcz              ,,If you try to upissue this patchset I shall be seeking
xmpp: zdzichubg at chrome.pl   an IP-routable hand grenade.'' -- Andrew Morton (LKML)
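
The porting question argued in this thread (scripts that name /bin/sh in the shebang but rely on bashisms) can be sized before any switch. The script below is an added example, not code from anyone in the thread; its function names and its short pattern list are assumptions chosen for illustration, and the sample scripts it writes are constructed.

```shell
#!/bin/sh
# Added example: find scripts that declare #!/bin/sh yet use bash-only syntax.
# The pattern list is a small illustrative sample (an assumption), not a
# complete bashism catalogue; matches are heuristics and need manual review.
RE='\[\[[[:space:]]'                                   # [[ ... ]] test
RE="$RE"'|^[[:space:]]*function[[:space:]]+[A-Za-z_]'  # "function" keyword
RE="$RE"'|[A-Za-z_][A-Za-z0-9_]*=\('                   # array assignment
RE="$RE"'|<<<|<\('                                     # here-string, process substitution
RE="$RE"'|^[[:space:]]*source[[:space:]]'              # "source" instead of "."
RE="$RE"'|\[[[:space:]][^]]*[[:space:]]==[[:space:]]'  # == inside [ ]

# uses_bin_sh FILE: succeed only if the first line is a /bin/sh shebang.
uses_bin_sh() {
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in
        '#!/bin/sh'|'#!/bin/sh '*|'#! /bin/sh'|'#! /bin/sh '*) return 0 ;;
    esac
    return 1
}

# count_bashisms FILE: print how many non-comment lines match the patterns.
count_bashisms() {
    grep -v '^[[:space:]]*#' "$1" | grep -Ec "$RE" || true
}

# scan_tree DIR: print "count<TAB>path" for each /bin/sh script with matches.
scan_tree() {
    find "$1" -type f | while IFS= read -r f; do
        uses_bin_sh "$f" || continue
        n=$(count_bashisms "$f")
        if [ "$n" -gt 0 ]; then printf '%s\t%s\n' "$n" "$f"; fi
    done
}

# make_samples DIR: write three constructed sample scripts into DIR.
make_samples() {
    printf '%s\n' '#!/bin/sh' 'if [[ $1 == a* ]]; then' '  arr=(x y)' 'fi' \
        > "$1/bashy.sh"
    printf '%s\n' '#!/bin/sh' 'if [ "$1" = a ]; then' '  v=$(date)' 'fi' \
        > "$1/posix.sh"
    printf '%s\n' '#!/bin/bash' 'arr=(x y)' > "$1/declared-bash.sh"
}

# Usage: pass a directory to scan it; with no argument only the functions load.
if [ -d "${1:-}" ]; then scan_tree "$1"; fi
```

Scripts that declare #!/bin/bash are skipped on purpose, since a change of /bin/sh does not affect them.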


