
Re: itp: static bins / resolving static debian issues



On Wed, Aug 18, 1999 at 03:32:52PM -0700, Steve Lamb wrote:

> >    -- sash becomes an "important" package so that it is installed
> >       by default. people who know that their systems will never 
> >       fail can deselect it, but by default you get it
               ^^^^^^^^^^^^^^^
> 
>     I don't think it should be forced on anyone as they may desire to go the
> route of boot disks.

Read what I wrote.

> >       these are run so rarely I don't see why they can't be static
> >       by default--but if people yell, we can have separate static
> >       versions.                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^
          ^^^^^^^^
> 
>     Static = bad.  It is not up to you to determine how often things are run
> nor the relative "cheapness" of the hardware.

Read what I wrote.

> >    -- root's shell be set to sash by default, if sash is installed
> 
>     Very bad as sash is not an interactive shell thus making it unusable.
> Sash is also not a POSIX compliant shell making scripts which may depend on
> root's shell unreliable.

Wrong. Sash is an interactive shell:

   spasm:~$ sash
   Stand-alone shell (version 2.1)
   > tty
   /dev/ttyp2
   > 

Look, I just used it interactively for one, and it is connected to a tty 
(which is the usual definition of an "interactive shell") for another.

As for scripts which depend on root's shell: when was the last time you
ever saw a script that depended on root's shell? Short of root's own 
.profile, I have never seen one, not once, ever.

I am not proposing that we use sash as /bin/sh! (Though I have previously
said that ash, which is also non-broken, I mean non-POSIX, might be 
worth having as /bin/sh).

> A better option is to make an alternative UID 0 user with sash that is not
> root.  However, this introduces a security hole.

It introduces no security hole, and is a reasonable idea. (Or if it does
open a security hole, then there is a bug in Debian).

However, I have always been in favour of root having a shell without
command history and such, since it discourages people from using
root unless they have to.

I usually have ash as root's shell, and put this in my profile:

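   # Not already running bash: look for one in the usual places and exec it
   if [ -z "$BASH$BASH_VERSION" ]; then
     for bash in /bin/bash /usr/bin/bash /usr/local/bin/bash 
     do
       # Test the loop candidate, not $BASH (which is still empty here)
       if [ -x "$bash" ]; then 
          BASH="$bash"
          export BASH
          exec "$BASH" "$@"
       fi
     done
   fi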

That's also a useful construct to have as your shell if you use NIS 
in a multi-architecture environment, where not every machine has 
bash, or has it in the same place.


>     I disagree and have been telling you what is wrong with the whole idea
> several times.  You just don't want to listen.

It has more or less amounted to "I don't like it, go away", and "nope, 
never happened to me", and "I like boot disks" so far as I can tell.

Justin

