Dash as default shell
Reindl Harald
h.reindl at thelounge.net
Thu Oct 2 20:56:27 UTC 2014
Am 02.10.2014 um 22:45 schrieb Rahul Sundaram:
> On Thu, Oct 2, 2014 at 11:57 AM, Reindl Harald wrote:
>
> because the conclusion that dash is not vulerable for
> other things is invalid
>
>
> I am afraid there was no such conclusions. To acknowledge known bugs in bash
> doesn't require anyone to conclude that dash doesn't have bugs
then that paragraph refer to Shellshock was not really appropriate without
make really clear that this is not a panic reaction in context of already
fixed bash bugs
it's sadly a common reaction if somewhere critical bugs where fixed try
to migrate to something else instead take a breath and consider that
the currently used one has now more focus than ever before and got more
attention from security specialists while the suggested replacement
might not
> Since the recent Shellshock aka Bashdoor vulnerability, there have been some discussions about more distributions
> switching over (http://lwn.net/SubscriberLink/614218/019d9a52b0eaae3d/) and I was wondering whether it is worth
> considering for Fedora? FWIW, both dash and mksh is already packaged in Fedora.
as already said:
also don't forget that currently a lot of people look into
bash in security context because of the things happened
short ago and it's wide use
besides that the known issues are fixed it could go easily
in the wrong direction switch to something different which
may also have it's own issues nobody cared until now and
has less focus in security context than bash now has
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141002/c55951b0/attachment.sig>
More information about the devel
mailing list