Re: bash exorcism experiment ('bug' 762923 & 763012)



2014-10-02 10:06:50 -0400, shawn wilson:
[...]
> I hate the idea of dash. It's not more secure (see vmware cve for an
> example) and I think it was more of an accident than anything else this
> didn't hit dash too.
[...]

That CVE is not about a bug in dash. There are a few
misconceptions around that CVE.

See
https://bugs.launchpad.net/ubuntu/+source/dash/+bug/1215660/comments/4
for more details.

Whatever bugs dash may have are easily fixed. The good thing
with it is that it has *fewer* features, and especially fewer of
the ksh misfeatures (many of which were copied by bash, some of them
fixed/improved in zsh), so it's more efficient and likely to be
safer than bash/mksh/zsh, so it is a much more obvious choice for
/bin/sh, that is, the system's command line interpreter (used in
system(), popen()) or interpreter for POSIX sh scripts.

By all means, use zsh or bash... as your interactive shell, but
please keep /bin/sh minimal, and don't bring as broken a feature
as the ksh arrays into the sh language.

Switching to dash for /bin/sh is one of the great things Debian
has done.

-- 
Stephane

