
Re: bash without importing shell functions from the environment



shawn wilson <ag4ve.us@gmail.com> writes:
> On Sep 25, 2014 9:36 PM, "Russ Allbery" <rra@debian.org> wrote:

>> That may be overkill, but I will say that I'm feeling *extremely*
>> grateful the last few days that we pushed forward with switching
>> /bin/sh to dash, even though some folks thought this was a bad idea.
>> Having the shell used by system() and popen() be as simple as possible
>> turns out to be rather important.

> In that case, I'd think busybox's sh is *much* more minimalist. Why dash
> over busybox?

There's a tradeoff between minimal enough to not be caught by surprise by
complexity or bugs, and having sufficient features that people don't just
change all their shells to start with #!/bin/bash or complain so much that
we can't switch at all.  Given that we just *barely* managed with dash, I
don't think we would have succeeded with anything even more minimal.  As
is, I believe some additional features were added to dash over the course
of the (long) push for the change to make it viable to replace /bin/sh,
and a lot of our users still immediately changed /bin/sh back to bash (and
therefore were more vulnerable to this bug).

It's possible we could go more minimal, but it's a lot of effort to drop
features, and really painful to track down all the places those features
are used.  We worked on getting rid of bashisms in the archive for
literally years.  I don't think it's a good time/value tradeoff to switch
to anything with fewer features than dash.

Now, if there's another small shell that supports everything dash supports
but is better on some other axis, we could certainly consider it.  But
don't underestimate the amount of work it takes to validate the whole
archive under a different /bin/sh.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

