[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Removing bash (Was: /etc/init.d/network is too simple?)

* Marcus Brinkmann said:
> On Fri, Apr 16, 1999 at 09:05:07PM +0200, Marek Habersack wrote:
> > All the binaries that might be necessary in such a situation should always
> > be linked statically
> Almost useless. You would end up with a lot of statically linked binaries
> which in 99.99999% of all cases DON'T NEED to be statically linked.
> In the remainig near 0%, you use the boot disk.
> The reason is simple. If your system is so broken that ld can't operate to
> link the binaries, you are FUBAR anyway and need the rescue disk. There are
Hmm... I was writing about it before that I had such a problem when I
accidentaly forgot to replace just ONE binary with a new version (or,
rather, it was something with dependencies which apt couldn't handle) and
rebooted with the old version of bash and glibc2.1 which turned out to be a
complete disaster. A boot disk and a manual replacement of the binary did
the trick, but don't you think that relying the machine saninty on ONE (but
very vital) binary is not quite that good?? 

> very few cases in which statically linked binaries would turn out to be
> useful, but the cost is too high.
> Someone following the stable distribution should NEVER encounter such a
> situation. Someone who doesn't will take preparations to his liking (using
> toor+sash, or whatever).
Yes, I like the solution with sash, but it requires some tweaking as
compared to the current Debian setup. One has to either

1) specify the shell to invoke at the LILO prompt and I bet that most users
   and majority of admins doesn't care to take a look at the LILO doc or
   sulogin(8) manpage
2) changing the boot scripts to set SUSHELL to shash
3) change sulogin to use the toor account in the single mode

2) and 3) can easily be introduced into the standard distribution, esp. #2.
It'd only require modification of one script and adding sash as a standard
component installed at the very beginning.

> Implementing your suggestion of statically linked binaries would impose the
> preference of a minority (of people and cases) over the preferences of the
> rest, something we better avoid.
Hmm... what about an OPTIONAL package of statically linked bins?

> I understand your fears, they are shared by other people. But the experience
> shows that the Debian way to do it is indeed very reliable. 
Yes, it is reliable, but can be made water-proof :))) by slightly modifying
the distribution...


Attachment: pgpX8e6mSEMYz.pgp
Description: PGP signature

Reply to: