Dash as default shell

Timothée Ravier siosm99 at gmail.com
Thu Oct 2 08:54:10 UTC 2014


On 2014-10-02 10:25, Rahul Sundaram wrote:
>> It doesn't even avoid Debian & Ubuntu having a security problem, since
>> they still need to fix bash.
> 
> Sure.  Unless they stop shipping bash, they got to fix security problems.
> That is no surprise.  The real question is whether it reduced the impact of
> the issue for their users.
> 
>> What makes you think the dash doesn't have vulnerabilities too?
> 
> Do note that I explicitly avoided making any such specific claims and
> instead proposed it as a discussion point for a good reason.    Having said
> that, the general understanding appears to be that a minimal software with
> a smaller footprint has less potential issues.

It's easy to forget that there have been much more serious
vulnerabilities in dash than in bash as far as I can remember:
http://blog.cmpxchg8b.com/2013/08/security-debianisms.html

-- 
Timothée Ravier


More information about the devel mailing list