[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bash security issue

From: Eric Blake
Subject: Re: Bash security issue
Date: Sat, 27 Sep 2014 16:51:34 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.0

On 09/27/2014 04:21 PM, Chet Ramey wrote:

>> 1) make bash when invoked as /bin/sh fail those bash-isms
> It's come up before, and it's not something that bash has ever been
> intended to do.  When invoked as /bin/sh, bash will behave as a posix
> superset.  Posix allows this.

Even dash is a posix superset.  Although dash tries to be more
minimalistic at not adding new features without first getting those
features specified by posix, there are definite existing extensions in
the code base that the dash maintainer is unwilling to remove because of
the risk of breaking backward compatibility.

>> 2) build a 'real' /bin/sh without those compiled in. This begs the 
>> definition of 'real', but IMHO if it's not in POSIX, it shouldn't be in 
>> 'real' /bin/sh
> This is dash's niche.

If you want a truly minimalist shell that will loudly complain at
attempts to use extensions, use 'posh' instead of 'dash'.

But Chet's point remains - there's no need to dumb down bash to serve as
a minimalist shell, because that's a maintenance burden, and there are
already other projects that have decided to take on that role.

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]