
Re: Removing bash (Was: /etc/init.d/network is too simple?)



On Fri, 16 Apr 1999 21:42:06 +0200, Marek Habersack wrote:

>Hmm... that "only" is what worries me the most. Aren't exceptions what makes
>our life harder?

    Not as hard as well-intentioned defaults to prevent such exceptions.  I
really do mean that I'd rather deal with the *possible* eventuality that I
need a statically linked shell than the certainty of a daily loss of RAM to
one that is there.

>SHOULD an exception happen you can lose ALL your data, ALL your work - 
>EVERYTHING.

    That is what rescue disks are for, esp. in a production environment.
I've not yet run into a situation where the tools were needed on the machine.
I will grant that it makes it much more CONVENIENT to perform rescue
operations when they are there.  That is why I mentioned sash.

>many "production" systems running huge sites that simply must take into
>account every possibility of crash and have ways to deal with it.

    And if they take into account every possibility of a crash then there
would be so much redundancy that the machine would be unusable.  No, a
balance must be made between reasonable rescue operations and loss of
performance.

>Just a separate package with static versions of the necessary stuff would do
>- for those paranoid ones out there :)))))) (like myself) :)

    sash.  From the sash man page:

       More importantly, however, is that many  of  the  standard
       system commands are built-in to sash.  These built-in com-
       mands are:

            -chgrp, -chmod, -chown, -cmp, -cp, -dd, -echo,
            -ed, -grep, -gunzip, -gzip, -kill, -ln, -ls, -mkdir,
            -mknod, -more, -mount, -mv, -printenv, -pwd, -rm,
            -rmdir, -sync, -tar, -touch, -umount, -where

       These commands are generally similar to the standard  pro-
       grams  with  similar names.  However, they are simpler and
       cruder than the external programs,  and  so  many  of  the
       options  are  not  implemented.  The restrictions for each
       built-in command are described later.

    So why statically link /bin when darn near everything you need is there?
The only thing I see that is missing is an editor...  Whoops, ed is there.
Never mind.

-rwxr-xr-x   1 root     root       279452 Oct 11  1998 /bin/sash
root@teleute:/usr/doc/sash# ldd /bin/sash
        statically linked (ELF)
-rwxr-xr-x   1 root     root       342756 Feb 17 00:56 /bin/bash
root@teleute:/usr/doc/sash# ldd /bin/bash
        libreadline.so.2 => /lib/libreadline.so.2 (0x40010000)
        libncurses.so.4 => /lib/libncurses.so.4 (0x4003d000)
        libdl.so.2 => /lib/libdl.so.2 (0x4007d000)
        libc.so.6 => /lib/libc.so.6 (0x40081000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

    I'd rather have sash in an alternate root login than a static bash as
well as a static compilation of each of the tools listed in the sash man
page.


>Naah... Why would you need netscape, mc, mutt, pine, eggdrop, emacs and a
>loads of other stuff? What you have in /bin is enough to do maintenance work

root@teleute:/bin# du
2100    .

    Uhm, that's a lot larger than sash.  See what we sash people are driving
home here?  :)

>Well, I almost never su to root... I'd estimate running as root constitutes
>1% of my time spent at the console...

    That is you.  By asking for the default bash to be statically linked
you're having an effect on countless other systems because of your personal
habits.  Meanwhile, I, and others, have pointed out a viable alternative that
you could implement and is, arguably, a good idea to have as a standard
component for disaster recovery which gives each of those countless systems,
and yourself, the choice to have it while leaving the standard root account
alone for those who *do* do more work in root, at or away from the console.


--
         Steve C. Lamb         | I'm your priest, I'm your shrink, I'm your
         ICQ: 5107343          | main connection to the switchboard of souls.
-------------------------------+----------------------------------------------





