Dash as default shell

Ian Malone ibmalone at gmail.com
Thu Oct 2 07:32:51 UTC 2014


On 2 October 2014 07:33, Lennart Poettering <mzerqung at 0pointer.de> wrote:
> On Wed, 01.10.14 22:39, Rahul Sundaram (metherid at gmail.com) wrote:
>
>> Hi
>>
>> Is it worth considering using Dash as the default (non-interactive) shell
>> in Fedora?  Other distributions including Ubuntu and Debian (
>> https://lwn.net/Articles/343924/) have been using dash as the default shell
>> and Android uses mksh.  While this appears to have been done primarily to
>> increase bootup efficiency (which is not relevant with systemd), it might
>> help with security.
>>
>> Since the recent Shellshock aka Bashdoor vulnerability, there have been
>> some discussions about more distributions switching over (
>> http://lwn.net/SubscriberLink/614218/019d9a52b0eaae3d/) and I was wondering
>> whether it is worth considering for Fedora?  FWIW, both dash and mksh are
>> already packaged in Fedora.
>
> This sounds really wrong to me.
>
> If you change /bin/sh to dash, then you'll have to map two shell
> binaries into memory (since the login shell is going to stay on bash),
> hence the resource usage grows. You increase the number of packages
> and minimal footprint of our OS images since we need to install one
> more package.

Total download size: 91 k
Installed size: 163 k


> You also increase the attack surface, since there'll be
> two shells running. You have to maintain + security-fix more code,

Versus this, the default shell may be more exposed; it plays a
particular role in the system. As does a login shell. To be honest,
most people do not need bashisms in the login shell either.

> since you have two packages to look after (Yes, by adding dash to the
> default stack you just put the extra burden on Fedora to quickly
> update two packages instead of just one in case of a security
> problem). You create a *lot* of porting work for all those
> scripts. You *break* all scripts that currently reference /bin/sh in
> the shebang-line but use bashisms. Also, many of the bashisms are

/bin/sh scripts using bashisms are broken already, you merely expose
it. Much of this work will have been done in Debian/Ubuntu already. I
was under the impression the move was away from system scripts in any
case.

> actually pretty useful, hence you replace a more powerful language by
> a crappier one. You create an entirely new problem for our users, by

Well, less powerful is not 'crappier'. It may well be the lower
complexity of dash that contributed to bash being the first one to
show up a vulnerability.

> making them *think* whether they actually mean /bin/sh or
> /bin/bash. You confuse users by disallowing certain expressions in
> scripts that work fine if you type them on the interactive shell.

None of this is a problem. You also have to think whether you mean
/bin/sh or /usr/bin/python. Or .c or .cxx.

>
> So, in order to keep things simpler, faster, more secure, more
> maintainable, more compatible, let's please stick with one shell and
> one shell only, and let's stay with bash. Thank you.
>

I'm not a big dash partisan; whenever I write a shell script, more
often than not it starts /bin/bash, but this at least needs some
consideration. Fedora has made quite a few radical changes in the
past, with mixed results. This is a not very radical change that's
been used for quite some time in other distros and doesn't actually
break POSIX for once.

-- 
imalone
http://ibmalone.blogspot.co.uk
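
The following is an added example, not part of the original message or of any Fedora tooling: a heuristic POSIX sh check for the case argued over in this thread, scripts that declare `#!/bin/sh` but use bash-only syntax. The pattern list, function names and sample script are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. BASHISMS is a small heuristic sample (assumption), not a full audit.
BASHISMS='\[\[ |^[[:space:]]*function[[:space:]]|<<<|&>|[[:space:]]==[[:space:]]'
BASHISMS="$BASHISMS"'|\$\{[A-Za-z_][A-Za-z0-9_]*\[|[A-Za-z_][A-Za-z0-9_]*=\('
BASHISMS="$BASHISMS"'|^[[:space:]]*(source|declare)[[:space:]]'

# Succeed when the first line of $1 is a /bin/sh shebang.
is_sh_script() {
    case "$(head -n 1 "$1")" in
        '#!/bin/sh'|'#!/bin/sh '*|'#! /bin/sh'|'#! /bin/sh '*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "line:text" for each suspect line in $1, ignoring comment-only lines.
find_bashisms() {
    grep -nE "$BASHISMS" "$1" | grep -vE '^[0-9]+:[[:space:]]*#'
}

# Print the number of suspect lines; files with any other shebang count as 0.
count_bashisms() {
    if is_sh_script "$1"; then
        find_bashisms "$1" | wc -l | tr -d ' '
    else
        echo 0
    fi
}

# Write a constructed sample script to $1 with interpreter $2.
make_sample() {
    cat > "$1" <<EOF
#!$2
# [[ inside a comment is ignored
if [[ -n "\$1" ]]; then
    source ./lib.sh
fi
names=(a b)
echo "\${names[0]}"
[ "\$1" = ok ] && echo fine
EOF
}

tmp=$(mktemp)
make_sample "$tmp" /bin/sh
find_bashisms "$tmp" || true
echo "suspect lines as /bin/sh: $(count_bashisms "$tmp")"
make_sample "$tmp" /bin/bash
echo "suspect lines as /bin/bash: $(count_bashisms "$tmp")"
rm -f "$tmp"
```

A dedicated linter such as `checkbashisms` covers far more constructs than this pattern list; the sketch only shows why the same file is fine under a `/bin/bash` shebang and suspect under `/bin/sh`.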

