Dash as default shell

Timothée Ravier siosm99 at gmail.com
Thu Oct 2 08:54:10 UTC 2014

On 2014-10-02 10:25, Rahul Sundaram wrote:
>> It doesn't even avoid Debian & Ubuntu having a security problem, since
>> they still need to fix bash.
> Sure.  Unless they stop shipping bash, they got to fix security problems.
> That is no surprise.  The real question is whether it reduced the impact of
> the issue for their users.
>> What makes you think the dash doesn't have vulnerabilities too?
> Do note that I explicitly avoided making any such specific claims and
> instead proposed it as a discussion point for a good reason.    Having said
> that, the general understanding appears to be that a minimal software with
> a smaller footprint has less potential issues.

It's easy to forget that there have been much more serious
vulnerabilities in dash than in bash as far as I can remember:

Timothée Ravier

More information about the devel mailing list