Re: bash exorcism experiment ('bug' 762923 & 763012)
Ok then, I stand (doubly) corrected. Thanks
On Thu, Oct 2, 2014 at 1:06 PM, Simon McVittie <smcv@debian.org> wrote:
> On 02/10/14 17:30, shawn wilson wrote:
>> I'm pretty sure dash never got a rewrite? So this just happened to be
>> a "feature" that got ripped out of dash.
>
> You seem to be under the impression that dash is some sort of fork or
> derivative of bash. It isn't; I don't think they even have a common
> ancestor.
>
> POSIX sh is a specification for how Unix-like shells should behave,
> based on the language interpreted by the 1977 Bourne shell (sh). Debian
> Policy requires /bin/sh to be a POSIX sh with at least a couple of
> specified additional features ("local" is one of those features), and
> optionally, other features beyond those. The default implementation was
> originally bash, and was changed to dash in recent releases.
>
> dash is an implementation of POSIX sh, derived from the Almquist shell
> (ash) taken from NetBSD. As far as I know, ash was an independent
> implementation (i.e. rewrite) of a POSIX sh. It has a small number of
> non-POSIX features, including those required by Debian Policy.
>
> bash is GNU's implementation (i.e. another rewrite) of the Bourne shell,
> hence its name "Bourne Again SHell". It has lots of non-POSIX features,
> making it a considerably better interactive shell than dash, and more
> capable for scripting. One of its non-POSIX features is the ability to
> export functions, which is the feature being abused in this vulnerability.
>
>> I'm not sure why it got ripped out
>
> I don't think dash ever had this feature to begin with, so there was
> nothing to rip out.
>
> S
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 542D8629.8000906@debian.org">https://lists.debian.org/[🔎] 542D8629.8000906@debian.org
>
Reply to: