[arch-general] A good time to switch to dash as /bin/sh?
Mailing Lists
mailinglists at hawkradius.com
Fri Sep 26 06:06:32 EDT 2014
On Fri, Sep 26, 2014, at 02:52 PM, lolilolicon wrote:
> On Fri, Sep 26, 2014 at 4:20 PM, Martti Kühne <mysatyre at gmail.com> wrote:
> [...]
> > Despite that I'm still not convinced as to why
> > the issue in question is such a big deal, I must say it's unlikely
> > we're better off with a less active, less used shell.
>
> Put simply, bash has too much bloat. That includes obscure dark corners
> like function export/import, where bash interprets an ENV whose value
> starts with '() {' as a function definition. And this behavior is not
> inhibited even when bash is invoked as sh.
>
> In contrast, a minimal implementation of the POSIX shell implements only
> such well defined features. That means security people know where to
> look for bugs. Being Minimal in itself also promises fewer bugs.
>
> I do not have hard numbers about dash; but I think it's to be trusted.
> It has a long history. It's maintained. It's not being actively
> developed, because it does not have features to add, and it does not
> have bugs to fix that resulted from added features. It's used by
> debian-based distros as /bin/sh so it's not exactly lacking testing.
>
> The only real "cultural incompatibility" I see in Arch's switching to
> dash as /bin/sh is that dash is "too Debian". dash is "feature
> complete"; it's not going to push the POSIX shell standard forward. That
> it *follows* the standard. That it's not bleeding edge.
>
> But who wants /bin/sh to bleed?
i just ran the "checkbashisms" script from the AUR on my /usr/bin using
the command from the wiki:
# checkbashisms -f -p $(grep -rlE '^#! ?/bin/(env )?sh' /usr/bin)
which revealed 470 instances of putative bashisms in scripts using
#!/bin/sh. Assuming that these bashisms all come from upstream, patching
and maintaining them would be a chore.
To be clear, I'm not against what you're saying, I'm just saying that
making and maintaining that transition would be difficult. I have 761
packages installed on my system, and I get 470 instances of putative
bashisms. I'm guessing there will be others for whom this number will be
far greater.
--
Cheers!
Savya
More information about the arch-general
mailing list