Let's take this one step at a time



If FESCo doesn't agree to that, I will consider it a failed proposal.

i... read the first some comments in the relevant thread
mostly people stating relevant details or their opinion

then i seen Lennart's comments... i'l stop reading anything fedora related from now
in short:

"The shell is API. Currently, if people write shell (#!/bin/sh) scripts
on Fedora, they can be sure that the same language is available on all
Fedora installations. If you suddenly make /bin/sh something that
might be different on all systems, you pretty much break API there."

for anyone reading that does not know "sh" was the original bourne shell
and #!/path/binary literally tells the kernel what to execute

"If you change /bin/sh to dash, then you'll have to map two shell
binaries into memory (since the login shell is going to stay on bash),
hence the resource usage grows."

yes, by all the 100kB that is not shared by dash (it's ~500kB in bash)

"You also increase the attack surface, since there'll be two shells running."

if they are bout running or not does not matter since they are not open to the network
more so that only one of those running shells will be by a user
it only matters if an attacker can RUN that shell; and if he has your ssh password, he can choose

"Also, many of the bashisms are
actually pretty useful, hence you replace a more powerful language by
a crappier one. You create an entirely new problem for our users, by
making them *think* whether they actually mean /bin/sh or
/bin/bash. You confuse users by disallowing certain expressions in
scripts that work fine if you type them on the interactive shell."

more powerful, no
well a bit more convenient in rare occasions, but also uselessly more complex in others
making users think if /bin/sh is /bin/bash ? what the..
/bin/bash is bash /bin/sh is a shell (ideally it would be ash, as a real sh)

had to say this...
coffee made me read it, i'l tell it to find something else for our next session



on the other hand Ralf Corsepius knows what hes talking about
he has a beer from me when he comes to Croatia

in short
i'm rooting for you, Rahul

tell em that most linux users nowadays don't use a shell anyway (ba dum thish)

I really can't get what you mean in your code block:
does it suppose to work?

This (the ksh behaviour) is actually explicitly permitted by POSIX.

Disclaimer: mksh developer here.

You may want to care about bugs, though.

Granted, the segfaults I had with ash in MirBSD earlier are fixed, but dash still uses strcpy() all over the place, and its shell implementation brings tears to my eyes sometimes. Try the IFS-subst-4-1 and IFS-subst-5 testcases from mksh/check.t on dash some day?

Linking mksh statically for /bin/sh is a very good choice. Best to avoid glibc (and its clone ?Clibc, which, while smaller, has even worse code quality), but mksh works just as well with musl (decent Linux libc) as with recent klibc and (Debian-patched) dietlibc.

True. Careful code review *did* find one environment parsing issue specific to mksh. But I found it myself, and it was low-impact enough to not even warrant a CVE.

mksh *did* however get an independent security review by Geremy Condra from Google (for Android) who, like many others who reviewed (without security focus) mksh, was impressed with the quality.

Why don't they make GNU Bash more modular so that it can have compile-time options of features to build.
So then you build two versions of Bash, one for interactive use and one for non-interactive use.

CONFIG_COMMAND_HISTORY = false;
CONFIG_AUTOCOMPLETION = false;
CONFIG_LINE_EDITING = false;