Dash As The Default Shell For Fedora?

  • Dash As The Default Shell For Fedora?

    Phoronix: Dash As The Default Shell For Fedora?

    While Ubuntu/Debian have long preferred Dash as its /bin/sh implementation, in light of the recent Shellshock Bash vulnerability there's a discussion starting about Dash potentially becoming the default shell for Fedora Linux...

    http://www.phoronix.com/vr.php?view=MTgwMjI

  • #2
    Well I'm definitely in favour of that


    • #3
      I recently switched my /bin/sh to dash on Arch. As user shell I use zsh, but bash still needs to be installed because many packages need it. I was also considering mksh, which is the most used Linux shell (1 billion Android devices) and has a pretty impressive set of features for being so lightweight. I went for dash because /bin/sh should just adhere to the common standards and since it is non-interactive I should not have to bother about features. Considering making it statically linked against musl...


      • #4
        Shells

        Originally posted by phoronix
        Phoronix: Dash As The Default Shell For Fedora?

        While Ubuntu/Debian have long preferred Dash as its /bin/sh implementation, in light of the recent Shellshock Bash vulnerability there's a discussion starting about Dash potentially becoming the default shell for Fedora Linux...

        http://www.phoronix.com/vr.php?view=MTgwMjI
        I never knew (and still don't know) anything about Dash other than seeing, years ago, a switch to it in a HowToForge article where they switch the shell from Bash. Perhaps an article on the differences? Is it really any more secure? And what other (viable) options are available?


        • #5
          Originally posted by staalmannen
          I recently switched my /bin/sh to dash on Arch (...) I went for dash because /bin/sh should just adhere to the common standards and since it is non-interactive I should not have to bother about features.
          I was a Debian user and since it uses dash for /bin/sh without issues (AFAIK), I wanted to do the same on Arch. However, after reading this post I gave up: https://lists.archlinux.org/pipermai...er/037391.html


          • #6
            Good idea... but obviously, make sure to audit the code, and move every single program to use dash.


            • #7
              Originally posted by halo9en
              I was a Debian user and since it uses dash for /bin/sh without issues (AFAIK), I wanted to do the same on Arch. However, after reading this post I gave up: https://lists.archlinux.org/pipermai...er/037391.html
              That post DRASTICALLY overstates the issue. You should be able to change the symlink without any major problem.


              • #8
                Originally posted by asdfblah
                Good idea... but obviously, make sure to audit the code, and move every single program to use dash.
                No, you "just" have to make sure that scripts that use #!/bin/sh don't use non-POSIX features. If a script is explicitly requesting /bin/bash, there is nothing wrong.

                Every script that was meant to run also on Debian/Ubuntu should already be clean, and since init scripts are not used for a lot of services anymore, that is a lot less painful than a few years ago.
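
The check described in post #8, as an added example that is not part of the thread: a heuristic scan that flags common bash-only constructs in scripts whose shebang is #!/bin/sh and skips scripts that explicitly request another interpreter. The function names and the pattern list are assumptions made for this example and cover only a subset of bashisms.

```shell
#!/bin/sh
# Added example: heuristic scan for bash-only syntax in scripts that ask for /bin/sh.
# The pattern list is a constructed subset of common bashisms, not a full POSIX check.

# Succeeds only if the first line of FILE is a /bin/sh shebang.
uses_sh_shebang() {
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in
        '#!/bin/sh'|'#!/bin/sh '*|'#! /bin/sh'|'#! /bin/sh '*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints "N:text" for each non-comment line of FILE matching a bash-only construct.
bashism_lines() {
    grep -nE \
        -e '(^|[;&|[:space:]])\[\[[[:space:]]' \
        -e '\[ [^]]*[[:space:]]==[[:space:]]' \
        -e '^[[:space:]]*function[[:space:]]+[A-Za-z_]' \
        -e '^[[:space:]]*(declare|shopt|source)[[:space:]]' \
        -e '[A-Za-z_][A-Za-z0-9_]*=\(' \
        -e '\$\{[A-Za-z_][A-Za-z0-9_]*\[' \
        -e '<<<|&>|<\(' \
        "$1" | grep -vE '^[0-9]+:[[:space:]]*#' || true
}

# Returns 1 when FILE claims /bin/sh but contains flagged lines, 0 otherwise.
check_script() {
    if ! uses_sh_shebang "$1"; then
        echo "skip  $1 (does not request /bin/sh)"
        return 0
    fi
    hits=$(bashism_lines "$1")
    if [ -n "$hits" ]; then
        echo "FAIL  $1"
        printf '%s\n' "$hits" | sed 's/^/      line /'
        return 1
    fi
    echo "ok    $1"
}

# Usage: sh check.sh script1 script2 ... ; does nothing when called without arguments.
status=0
for f in "$@"; do
    check_script "$f" || status=1
done
```

A hit is a prompt to read the line, not proof of breakage: the patterns can match text inside strings or here-documents, and a clean result does not guarantee the script runs under dash.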


                • #9
                  Originally posted by halo9en
                  I was a Debian user and since it uses dash for /bin/sh without issues (AFAIK), I wanted to do the same on Arch. However, after reading this post I gave up: https://lists.archlinux.org/pipermai...er/037391.html

                  I have not noticed any issues and I believe that it has been tested by far more Arch users than me, since it is in the Arch wiki how to do it:

                  https://wiki.archlinux.org/index.php/Dash

                  Looking at the edit history, the instructions for making dash the default /bin/sh come from 2013, and according to the mailing thread you linked it was considered 7 years ago. An important difference between now and then is that the init scripts (which depended on bash) are no longer there.
                  The instructions in the Dash page can also be applied to other shells like mksh etc... I was a bit undecided on which shell to pick, but dash is the smallest, and fewer features _might_ mean less attack surface...


                  • #10
                    I was under the impression the security vulnerability was in a bash extension rather than in POSIX functionality, so it wouldn't affect you if you ran bash as the limited /bin/sh version.
