Re: more ash/dash/bash questions
On Tue, May 06, 2008 at 09:29:44PM -0300, Otavio Exel wrote:
> Hello List,
> I've been writing shell scripts to be run as root lately;
> I'm not aware of any security-risk involving bash but I'd much more
> rather run those scripts with ash or dash instead of bash;
Obviously ash or dash have to be installed.
> some years ago I remember reading here that pointing /bin/sh to dash or
> ash would break a lot of important scripts in Debian;
Umm, well, if /bin/sh points to dash/ash and you write a script with
bashisms then you have to have #!/bin/bash as the interpreter line. The
reason there was talk about it, is that traditionally /bin/sh pointed to
/bin/bash and so it wouldn't matter if you used bashisms or not. Now,
/bin/sh is going to point to dash for reasons of bootup speed and I
suppose also (eventually) to not force the installation of bash, as it
is a bit of a resource hog, although this last part is just a guess.
> so, instead of pointing /bin/sh to ash or dash, I'm starting my scripts
> with ``#!/bin/ash''; I know that if I accidentaly remove ash my scripts
> will break but I decided to run the risk!
Umm, point /bin/sh to dash and file bugs against packages that break.
You will be contributing to Debian by doing this.
> but, in order to mimimize the risk, which interpreter should I use in my
> scripts, ``#!/bin/ash'' or ``#!/bin/dash'' ?
See previous points.
"One, with God, is always a majority, but many a martyr has been burned
at the stake while the votes were being counted." -- Thomas B. Reed