Re: Bash security issue

[Steve Simmons]

On Sep 26, 2014, at 10:36 AM, Eric Blake <eblake@redhat.com> wrote:

> . . . I _also_ agree that since function exports are NOT required by POSIX,
> that it would be okay if we let /bin/bash continue to import functions
> by default, but have bash invoked as /bin/sh refuse to do imports by
> default. . .

The more I see of how many bash-isms work when bash is invoked as /bin/sh, the 
more convinced I get that we need to either

1) make bash when invoked as /bin/sh fail those bash-isms

2) build a 'real' /bin/sh without those compiled in. This begs the definition 
of 'real', but IMHO if it's not in POSIX, it shouldn't be in 'real' /bin/sh

Why this is bothering me today? There has been at least one instance of a group 
building a new bash, installing it, and finding the hard way that it didn't 
work at boot time. If /bin/sh had been a separate pared-down thing, they could 
have at least booted.

I have always been unhappy with /bin/sh being a symlink to /bin/bash rather 
than a separate pared-down executable or with bash features turned off). The 
last couple of days only reinforces that opinion.

Yours in haste,

Steve