Dash as default shell
Richard W.M. Jones
rjones at redhat.com
Thu Oct 2 08:04:07 UTC 2014
On Wed, Oct 01, 2014 at 10:39:04PM -0400, Rahul Sundaram wrote:
> Is it worth considering using Dash as the default (non-interactive) shell
> in Fedora? Other distributions including Ubuntu and Debian (
> https://lwn.net/Articles/343924/) have been using dash as the default shell
> and Android uses mksh. While this appears to have been done primary to
> increase bootup efficiency (which is not relevant with systemd), it might
> help with security
[Quoting an email I sent internally in Red Hat]
Changing the default /bin/sh is going to break the world.
I've never understood the reasoning for Debian using a useless shell
for /bin/sh instead of the more pleasant, full-featured bash.
For Ubuntu the stated reason to follow Debian was pretty bogus --
using dash instead of bash was thought to save some time in SysV init
scripts, and by changing the default shell they wouldn't need them to
change all the scripts from #!/bin/sh -> #!/bin/dash because using a
recursive search and replace is far too arduous. The actual saving
was never AFAIK quantified, but I doubt it was measurable. In any
case this is irrelevant for systemd.
It doesn't even avoid Debian & Ubuntu having a security problem, since
they still need to fix bash.
> Since the recent Shellshock aka Bashdoor vulnerability, there have been
> some discussions about more distributions switching over (
> http://lwn.net/SubscriberLink/614218/019d9a52b0eaae3d/) and I was wondering
> whether it is worth considering for Fedora? FWIW, both dash and mksh is
> already packaged in Fedora.
bash had a vulnerability - a bit stupid in hindsight, but no one
spotted it for 20-odd years. And it's been fixed.
What makes you think the dash doesn't have vulnerabilities too?
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
More information about the devel