[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: more ash/dash/bash questions

On Tue, May 06, 2008 at 09:29:44PM -0300, Otavio Exel wrote:
> Hello List,
> I've been writing shell scripts to be run as root lately;
> I'm not aware of any security-risk involving bash but I'd much more
> rather run those scripts with ash or dash instead of bash;

Obviously ash or dash have to be installed.

> some years ago I remember reading here that pointing /bin/sh to dash or
> ash would break a lot of important scripts in Debian;

Umm, well, if /bin/sh points to dash/ash and you write a script with
bashisms then you have to have #!/bin/bash as the interpreter line. The
reason there was talk about it, is that traditionally /bin/sh pointed to
/bin/bash and so it wouldn't matter if you used bashisms or not. Now,
/bin/sh is going to point to dash for reasons of bootup speed and I
suppose also (eventually) to not force the installation of bash, as it
is a bit of a resource hog, although this last part is just a guess.

> so, instead of pointing /bin/sh to ash or dash, I'm starting my scripts
> with ``#!/bin/ash''; I know that if I accidentaly remove ash my scripts
> will break but I decided to run the risk!

Umm, point /bin/sh to dash and file bugs against packages that break.
You will be contributing to Debian by doing this.

> but, in order to mimimize the risk, which interpreter should I use in my
> scripts, ``#!/bin/ash'' or ``#!/bin/dash'' ?

See previous points.

"One, with God, is always a majority, but many a martyr has been burned
   at the stake while the votes were being counted."  -- Thomas B. Reed

Reply to: