From: Raj Kiran Grandhi on 6 May 2008 23:00

Otavio Exel wrote:
> Hello List,
>
> I've been writing shell scripts to be run as root lately;
> I'm not aware of any security-risk involving bash but I'd much more
> rather run those scripts with ash or dash instead of bash;

What sort of security risks do you have in mind other than human error?
Particularly when the script is running as root.

>
> some years ago I remember reading here that pointing /bin/sh to dash or
> ash would break a lot of important scripts in Debian;
>
> so, instead of pointing /bin/sh to ash or dash, I'm starting my scripts
> with ``#!/bin/ash''; I know that if I accidentally remove ash my scripts
> will break but I decided to run the risk!
>
> but, in order to minimize the risk, which interpreter should I use in my
> scripts, ``#!/bin/ash'' or ``#!/bin/dash'' ?

It depends on where the scripts are intended to be run. If you want them
to run only on your machine, you are free to choose any interpreter you
want, otherwise you can try making a deb package of your script and have
it depend on the interpreter of your choice.

--
Raj Kiran Grandhi
--
Politics is for the moment. An equation is for eternity. -- Albert Einstein

--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org

From: Andrei Popescu on 7 May 2008 02:40

On Tue, May 06, 2008 at 09:29:44PM -0300, Otavio Exel wrote:
> some years ago I remember reading here that pointing /bin/sh to dash or
> ash would break a lot of important scripts in Debian;

$ ls -la `which sh`
lrwxrwxrwx 1 root root 4 2008-05-07 09:20 /bin/sh -> dash

I had it like this for some time, but at some upgrade it was changed
back. Now I changed it again the Debian Way (tm), with

dpkg-reconfigure dash

Using dash as /usr/sh is a release goal. If you use unstable or testing
and you find scripts that break you should file bugs.

Regards,
Andrei
--
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)

From: Chris Bannister on 7 May 2008 04:40

On Tue, May 06, 2008 at 09:29:44PM -0300, Otavio Exel wrote:
> Hello List,
>
> I've been writing shell scripts to be run as root lately;
> I'm not aware of any security-risk involving bash but I'd much more
> rather run those scripts with ash or dash instead of bash;

Obviously ash or dash have to be installed.

> some years ago I remember reading here that pointing /bin/sh to dash or
> ash would break a lot of important scripts in Debian;

Umm, well, if /bin/sh points to dash/ash and you write a script with
bashisms then you have to have #!/bin/bash as the interpreter line. The
reason there was talk about it, is that traditionally /bin/sh pointed to
/bin/bash and so it wouldn't matter if you used bashisms or not. Now,
/bin/sh is going to point to dash for reasons of bootup speed and I
suppose also (eventually) to not force the installation of bash, as it
is a bit of a resource hog, although this last part is just a guess.

> so, instead of pointing /bin/sh to ash or dash, I'm starting my scripts
> with ``#!/bin/ash''; I know that if I accidentally remove ash my scripts
> will break but I decided to run the risk!

Umm, point /bin/sh to dash and file bugs against packages that break.
You will be contributing to Debian by doing this.

> but, in order to minimize the risk, which interpreter should I use in my
> scripts, ``#!/bin/ash'' or ``#!/bin/dash'' ?

See previous points.

--
Chris.
======
"One, with God, is always a majority, but many a martyr has been burned
at the stake while the votes were being counted." -- Thomas B. Reed

From: Andrei Popescu on 7 May 2008 13:00

On Wed, May 07, 2008 at 08:44:34PM +1200, Chris Bannister wrote:
> > some years ago I remember reading here that pointing /bin/sh to dash or
> > ash would break a lot of important scripts in Debian;
>
> Umm, well, if /bin/sh points to dash/ash and you write a script with
> bashisms then you have to have #!/bin/bash as the interpreter line. The
> reason there was talk about it, is that traditionally /bin/sh pointed to
> /bin/bash and so it wouldn't matter if you used bashisms or not. Now,

I was always wondering about this. I thought bash behaved differently
(as in POSIX) when called as sh.

> /bin/sh is going to point to dash for reasons of bootup speed and I
> suppose also (eventually) to not force the installation of bash, as it
> is a bit of a resource hog, although this last part is just a guess.

I think bash will remain a high priority package as it is a better
choice as a default shell *than dash/ash* (no flamewars please) for
normal users.

Regards,
Andrei
--
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)

From: Sven Joachim on 7 May 2008 14:50

On 2008-05-07 18:39 +0200, Andrei Popescu wrote:
> On Wed, May 07, 2008 at 08:44:34PM +1200, Chris Bannister wrote:
>> Umm, well, if /bin/sh points to dash/ash and you write a script with
>> bashisms then you have to have #!/bin/bash as the interpreter line. The
>> reason there was talk about it, is that traditionally /bin/sh pointed to
>> /bin/bash and so it wouldn't matter if you used bashisms or not. Now,
>
> I was always wondering about this. I thought bash behaved differently
> (as in POSIX) when called as sh.

While it changes its startup and behaves somewhat differently, it does
*not* disable non-POSIX extensions.

>> /bin/sh is going to point to dash for reasons of bootup speed and I
>> suppose also (eventually) to not force the installation of bash, as it
>> is a bit of a resource hog, although this last part is just a guess.
>
> I think bash will remain a high priority package as it is a better
> choice as a default shell *than dash/ash* (no flamewars please) for
> normal users.

Bash will remain an essential package for many years to come, yes.
There are simply too many packages that ship bash scripts.

As for the interactive use, nobody in their right state of mind would
use dash, but many don't use bash either. The ultimate interactive
shell for power users seems to be zsh (which uses even more resources
than bash, but that hardly matters on halfway recent systems).

Sven
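
The point made in the thread above (a script with bashisms needs #!/bin/bash once /bin/sh is dash, and bash invoked as sh still accepts its own extensions, so such a script only fails after the switch), shown as an added example that is not part of the original posts. The function names, the short pattern list and the sample scripts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag common bashisms (illustrative subset) under a POSIX-shell shebang.

# Print the interpreter path from the first line ("" if there is no shebang).
shebang_interp() {
    head -n 1 "$1" | sed -n 's/^#![[:space:]]*\([^[:space:]]*\).*/\1/p'
}

# Print "lineno:text" for non-comment lines that use bash-only constructs.
find_bashisms() {
    grep -nE -e '\[\[ ' -e '<<<' -e '&>' \
        -e '^[[:space:]]*function[[:space:]]+[A-Za-z_]' \
        -e '^[[:space:]]*(source|declare|shopt)[[:space:]]' \
        -e '[A-Za-z_][A-Za-z0-9_]*=\(' \
        -e '\$\{[A-Za-z_][A-Za-z0-9_]*(//|:[0-9])' \
        "$1" | grep -vE '^[0-9]+:[[:space:]]*#'
}

count_bashisms() { find_bashisms "$1" | wc -l | tr -d ' '; }

# Return 1 if a script that declares sh, dash or ash uses bashisms, else 0.
check_script() {
    interp=$(shebang_interp "$1")
    case "$interp" in
        /bin/sh|/bin/dash|/bin/ash) ;;
        *) echo "$1: interpreter '${interp:-none}', not checked"; return 0 ;;
    esac
    hits=$(find_bashisms "$1" || true)
    if [ -n "$hits" ]; then
        echo "$1: declares $interp but uses bashisms:"
        printf '%s\n' "$hits" | sed 's/^/    /'
        return 1
    fi
    echo "$1: ok for $interp"
}

# Constructed sample scripts (not from the thread).
make_samples() {
    printf '%s\n' '#!/bin/sh' 'if [[ -n "$1" ]]; then' \
        '  source /etc/default/demo' 'fi' > "$1/bad.sh"
    printf '%s\n' '#!/bin/sh' 'if [ -n "$1" ]; then' \
        '  . /etc/default/demo' 'fi' > "$1/good.sh"
    printf '%s\n' '#!/bin/bash' 'arr=(a b c)' 'echo "${arr[0]}"' > "$1/bash.sh"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/*.sh; do check_script "$f" || true; done
rm -rf "$tmp"
```

Scripts that start with #!/bin/bash are skipped on purpose: they name the interpreter they need and keep working whichever shell /bin/sh points to.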