Dash as default shell

Ian Malone ibmalone at gmail.com
Thu Oct 2 20:34:44 UTC 2014

On 2 October 2014 17:13, Ralf Corsepius <rc040203 at freenet.de> wrote:
> On 10/02/2014 03:07 PM, Rahul Sundaram wrote:
>> Hi
>> On Thu, Oct 2, 2014 at 8:59 AM, Chris Adams wrote:
>>     If that's the case, why do we have the /bin/sh symlink?  Just remove it
>>     and make the bash dependency explicit (so everything has to call
>>     /bin/bash).
>> I understand this is a rhetorical argument but the symlink exists
>> because it is required by things like system()
> No. /bin/sh is supposed to be a POSIX-compatible shell.
> I.e. scripts using "#!/bin/sh" shebang rely upon being interpreted
> POSIX-correctly and not to use any feature diverging from POSIX.
> As bash implements a superset of POSIX, it changes its behavior to a more
> POSIX-compliant behavior depending upon the name it is being invoked.

More POSIX-compliant maybe, but still providing extensions. Otherwise
changing sh to another POSIX-compliant shell would not cause people to
worry about /bin/sh scripts that would be broken by the change.

Whether bash or dash is more secure (and don't discount the fact that
Debian and Ubuntu mean there is effort going into dash), it's not a
great argument that /bin/sh should be bash to support scripts that
incorrectly use sh when they mean bash. From the point of view of
specifying dependencies, interoperability, even potentially security
auditing, if it needs bash it should specify bash. This makes sense
when you consider:
1. Shellshock. A temporary workaround if /sh could be changed to a
different shell without breaking things would have been to do that
until patches came out. This applies whatever the default shell is.
2. Lightweight. It may make sense to change to dash by default, it
might not, but if sh means sh then people building minimal systems can
make that choice themselves and easily see (by grepping /bin/bash)
whether they're going to hit a problem. Applies for something like ash
or other alternatives too.
3. Portability. BSD, Debian, Ubuntu don't use bash. It really is the
case that there is still an API for sh and it's not bash.
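
Added example, not part of the original message: the grep for /bin/bash mentioned in point 2, extended to also flag scripts that declare `#!/bin/sh` but use bash-only syntax. The function names, the pattern list (a heuristic, not a parser) and the sample scripts are all constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which scripts really need bash and which #!/bin/sh
# scripts are not actually portable. The bashism patterns are a heuristic.

# Print the interpreter basename from FILE's shebang (handles "env NAME").
shebang_interp() {
    read -r interp arg rest <<EOF
$(sed -n '1s/^#![[:space:]]*//p' "$1" 2>/dev/null)
EOF
    [ "${interp##*/}" = env ] && interp=$arg
    if [ -n "$interp" ]; then printf '%s\n' "${interp##*/}"; fi
}

# Succeed if FILE contains a common bash-only construct:
# [[ ]], the function keyword, here-strings, arrays, ${var//pat/rep}.
has_bashism() {
    grep -Eq '(^|[[:space:];])\[\[[[:space:]]|^[[:space:]]*function[[:space:]]|<<<|^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*=\(|\$\{[A-Za-z_][A-Za-z0-9_]*//' "$1"
}

# Classify every script under DIR, one "verdict<TAB>path" line each.
audit_tree() {
    find "$1" -type f | sort | while IFS= read -r f; do
        case $(shebang_interp "$f") in
            bash) printf 'needs-bash\t%s\n' "$f" ;;
            sh)   if has_bashism "$f"; then printf 'sh-with-bashism\t%s\n' "$f"
                  else printf 'portable-sh\t%s\n' "$f"; fi ;;
        esac
    done
}

# Constructed sample scripts (not taken from any real package).
make_sample() {
    printf '#!/bin/bash\narr=(a b)\necho "${arr[1]}"\n' > "$1/explicit.sh"
    printf '#!/bin/sh\nif [[ $1 == x* ]]; then echo hit; fi\n' > "$1/mislabelled.sh"
    printf '#! /usr/bin/env sh\n[ "$1" = x ] && echo hit\n' > "$1/portable.sh"
    printf 'no shebang here\n' > "$1/data.txt"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_tree "$demo_dir"
rm -rf "$demo_dir"
```

Scripts reported as `sh-with-bashism` are the ones that would break, or behave differently, if /bin/sh pointed at another shell.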

