bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: If rbash is worthless, why not remove it and decrease bloat?


From: Pierre Gaston
Subject: Re: If rbash is worthless, why not remove it and decrease bloat?
Date: Sat, 16 Mar 2013 23:06:26 +0200

On Sat, Mar 16, 2013 at 6:28 PM, Chris Down <chris@chrisdown.name> wrote:
> On 2013-03-16 12:13, Chet Ramey wrote:
>> > If it cannot be removed, then some people are using it with the false
>> > expectation that it provides some increased security.  Better to get
>> > rid of that than have someone think it is worth the extra bytes it takes
>> > to implement.
>>
>> Folks cling tightly to their ideas about what should and should not be in
>> bash and how it should behave.  I'm comfortable with leaving the restricted
>> shell feature in the current state and allowing users or distributions to
>> disable it at their option.  The `bloat' is not significant enough to be a
>> factor.
>
> I agree in general, however, I would be in favour of at least adding something
> to the man page that indicates rbash should not be considered secure except in
> very specific implementations. I've dealt with too many people that falsely
> think it increases security (although, whether these are the sort of people to
> read man pages over ill-informed garbage on some guy's "Linux blog", I don't
> know).
>
> Chris

I don't think the manual gives this impression as it is.

It doesn't say "secure" but "more controlled" and I think the way it
is described really force the possible user to think about what rbash
really provides.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]