[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bash exorcism experiment ('bug' 762923 & 763012)

Ok then, I stand (doubly) corrected. Thanks

On Thu, Oct 2, 2014 at 1:06 PM, Simon McVittie <smcv@debian.org> wrote:
> On 02/10/14 17:30, shawn wilson wrote:
>> I'm pretty sure dash never got a rewrite? So this just happened to be
>> a "feature" that got ripped out of dash.
> You seem to be under the impression that dash is some sort of fork or
> derivative of bash. It isn't; I don't think they even have a common
> ancestor.
> POSIX sh is a specification for how Unix-like shells should behave,
> based on the language interpreted by the 1977 Bourne shell (sh). Debian
> Policy requires /bin/sh to be a POSIX sh with at least a couple of
> specified additional features ("local" is one of those features), and
> optionally, other features beyond those. The default implementation was
> originally bash, and was changed to dash in recent releases.
> dash is an implementation of POSIX sh, derived from the Almquist shell
> (ash) taken from NetBSD. As far as I know, ash was an independent
> implementation (i.e. rewrite) of a POSIX sh. It has a small number of
> non-POSIX features, including those required by Debian Policy.
> bash is GNU's implementation (i.e. another rewrite) of the Bourne shell,
> hence its name "Bourne Again SHell". It has lots of non-POSIX features,
> making it a considerably better interactive shell than dash, and more
> capable for scripting. One of its non-POSIX features is the ability to
> export functions, which is the feature being abused in this vulnerability.
>> I'm not sure why it got ripped out
> I don't think dash ever had this feature to begin with, so there was
> nothing to rip out.
>     S
> --
> To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 542D8629.8000906@debian.org">https://lists.debian.org/[🔎] 542D8629.8000906@debian.org

Reply to: