Page 1 of 7 123 ... LastLast
Results 1 to 10 of 68

Thread: Dash As The Default Shell For Fedora?

  1. #1
    Join Date
    Jan 2007
    Posts
    15,126

    Default Dash As The Default Shell For Fedora?

    Phoronix: Dash As The Default Shell For Fedora?

    While Ubuntu/Debian have long preferred Dash as its /bin/sh implementation, in light of the recent Shellshock Bash vulnerability there's a discussion starting about Dash potentially becoming the default shell for Fedora Linux...

    http://www.phoronix.com/vr.php?view=MTgwMjI

  2. #2
    Join Date
    Jun 2011
    Posts
    1,036

    Default

    Well I'm definitely in favour of that

  3. #3
    Join Date
    Jan 2010
    Location
    Ghent
    Posts
    216

    Default

    I recently switched my /bin/sh to dash on Arch. As user shell I use zsh, but bash still needs to be installed because many packages need it. I was also considering mksh which is the most used linux shell (1 billion Android devices) which got a pretty impressive set of features for being so light weight. I went for dash because /bin/sh should just adhere to the common standards and since it is non-interactive I should not have to bother about features. Considering making it statically linked against musl ....

  4. #4
    Join Date
    Jul 2012
    Posts
    5

    Default Shells

    Quote Originally Posted by phoronix View Post
    Phoronix: Dash As The Default Shell For Fedora?

    While Ubuntu/Debian have long preferred Dash as its /bin/sh implementation, in light of the recent Shellshock Bash vulnerability there's a discussion starting about Dash potentially becoming the default shell for Fedora Linux...

    http://www.phoronix.com/vr.php?view=MTgwMjI
    I've never even (still don't) know anything about Dash other than years ago seeing a switch to it in a HowToForge article where switch the shell from Bash. Perhaps an article on the differences. Is it really any more secure? and what other (viable)options are available?

  5. #5
    Join Date
    Dec 2011
    Posts
    121

    Default

    Quote Originally Posted by staalmannen View Post
    I recently switched my /bin/sh to dash on Arch (...) I went for dash because /bin/sh should just adhere to the common standards and since it is non-interactive I should not have to bother about features.
    I was a Debian user and since it uses dash for /bin/sh without issues (AFAIK), I wanted to do the same on Arch. However, after reading this post I gave up: https://lists.archlinux.org/pipermai...er/037391.html

  6. #6
    Join Date
    Oct 2012
    Posts
    248

    Default

    Good idea... but obviously, make sure to audit the code, and move every single program to use dash.

  7. #7
    Join Date
    Jun 2013
    Posts
    107

    Default

    Quote Originally Posted by halo9en View Post
    I was a Debian user and since it uses dash for /bin/sh without issues (AFAIK), I wanted to do the same on Arch. However, after reading this post I gave up: https://lists.archlinux.org/pipermai...er/037391.html
    That post DRASTICALLY overstates the issue. You should be able to change the symlink without any major problem.

  8. #8
    Join Date
    Nov 2013
    Posts
    10

    Default

    Quote Originally Posted by asdfblah View Post
    Good idea... but obviously, make sure to audit the code, and move every single program to use dash.
    No, you "just" have to make sure that scripts that uses #!/bin/sh don't use non posix features. If a script is explicitelly requesting /bin/bash, there is nothing wrong.

    Every script that was meant to run also on debian/ubuntu should already be clean and since init scripts are not used for a lot of services anymore, that is a lot less painfull than a few years ago.

  9. #9
    Join Date
    Jan 2010
    Location
    Ghent
    Posts
    216

    Default

    Quote Originally Posted by halo9en View Post
    I was a Debian user and since it uses dash for /bin/sh without issues (AFAIK), I wanted to do the same on Arch. However, after reading this post I gave up: https://lists.archlinux.org/pipermai...er/037391.html

    I have not noticed any issues and I believe that is has been tested by far more Arch users than me since it is in the Arch wiki how to do it:

    https://wiki.archlinux.org/index.php/Dash

    Looking at the edit history the instructions of making dash default /bin/sh come from 2013 and according to the mailing thread you linked it was considered 7 years ago. An important difference between now and then is that the init scripts (which depended on bash) are no longer there.
    The instructions in the Dash page can also be applied to other shells like mksh etc... I was a bit undecided on which shell to pick but dash is smallest and less features _might_ mean less attack surfaces...

  10. #10
    Join Date
    Aug 2008
    Location
    Finland
    Posts
    1,673

    Default

    I was under the impression the security vulnerability was in a bash extension rather than in POSIX functionality so wouldn't affect you if you ran bash as /bin/sh limited version

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •