[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Moving bash from essential/required to important?

On Mon, Apr 04, 2011 at 11:00:37PM +0200, Luk Claes wrote:
> On 04/04/2011 10:42 PM, Steve Langasek wrote:
> > On Mon, Apr 04, 2011 at 08:32:50PM +0100, Lars Wirzenius wrote:
> >> On ma, 2011-04-04 at 19:43 +0100, Roger Leigh wrote:
> >>> Regarding the root shell issue, I wouldn't have an issue with it
> >>> being /bin/sh.  The admin is always free to chsh it to the shell
> >>> of their choice.

> >> We could even have d-i set the root shell to bash if it installs bash.
> >> Or have bash do it always, even, if root's shell is /bin/sh.

> > This doesn't address the problem that the package manager will no longer be
> > treating bash as Essential, with the result that root's login shell may be
> > rendered unusable at some point during an upgrade.  It also removes the
> > requirement that the bash maintainer ensure the package is usable when
> > unpacked but not yet configured.  How do we mitigate this?  The latter could
> > be mitigated by calling out the requirement separately in Policy, but what
> > about the former?

> What about Roger's suggestion to have the root account passwordless and
> locked with sudo access? Are there other drawbacks to that proposal (is
> booting in single user mode covered for instance?)?

How does that address the problem of getting a root shell to recover a
system that's gone south in the middle of an upgrade?  Do you intend to have
a *user* account with sudo privileges that has /bin/sh as a default login

> > Users who have made a conscious decision to use a different shell as their
> > root shell (such as zsh) may have accepted this incremental increase in
> > risk, but I'm not convinced that we want to do this for all users by default
> > (if bash is still Priority: required, it will be installed by default, so
> > all users will be affected unless they opt out).

> I guess this is not so much an issue anymore when the account is locked?

> > And if /bin/sh is going to be dash (which I think is what we want), I
> > wouldn't like to inflict that on anyone as the default root login shell.

> In single user mode this would still be the case I guess? Though that
> would not have a big impact anymore I guess?

Essential is all about the corner cases.  One of those corner cases is that
you've lost power in the middle of an upgrade and everything above the
Essential set has been left in an inconsistent and unusable state.  This
rarely happens, but the Policy definition of Essential is our guarantee that
when Murphy *does* have his way with your system, you don't need to resort
to rescue media to recover it provided you have access to the console.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Attachment: signature.asc
Description: Digital signature

Reply to: