Dash as default shell
siosm99 at gmail.com
Thu Oct 2 08:54:10 UTC 2014
On 2014-10-02 10:25, Rahul Sundaram wrote:
>> It doesn't even avoid Debian & Ubuntu having a security problem, since
>> they still need to fix bash.
> Sure. Unless they stop shipping bash, they got to fix security problems.
> That is no surprise. The real question is whether it reduced the impact of
> the issue for their users.
>> What makes you think the dash doesn't have vulnerabilities too?
> Do note that I explicitly avoided making any such specific claims and
> instead proposed it as a discussion point for a good reason. Having said
> that, the general understanding appears to be that a minimal software with
> a smaller footprint has less potential issues.
It's easy to forget that there have been much more serious
vulnerabilities in dash than in bash as far as I can remember:
More information about the devel