[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bash security issue
From: |
Greg Wooledge |
Subject: |
Re: Bash security issue |
Date: |
Fri, 26 Sep 2014 11:16:05 -0400 |
User-agent: |
Mutt/1.4.2.3i |
On Fri, Sep 26, 2014 at 10:51:36AM -0400, Steve Simmons wrote:
> The more I see of how many bash-isms work when bash is invoked as /bin/sh,
> the more convinced I get that we need to either
>
> 1) make bash when invoked as /bin/sh fail those bash-isms
>
> 2) build a 'real' /bin/sh without those compiled in. This begs the definition
> of 'real', but IMHO if it's not in POSIX, it shouldn't be in 'real' /bin/sh
Many operating systems do ship a POSIX /bin/sh which isn't bash.
Ubuntu and Debian come to mind, among the Linux distributions. There are
also all of the BSDs (I don't think any of them install bash as /bin/sh)
and all of the commercial Unix flavors (same).
The problem is, many *other* Linux distributions (even including older
versions of Debian and Ubuntu) ship bash as /bin/sh, and users who
are not adept at shell programming don't understand the difference.
So there are untold numbers of scripts on Linux systems in the real world
which use #!/bin/sh as their header, but which use some bash syntax.
These will all break if the user installs dash/pdksh as /bin/sh.
- Re: Bash security issue, Eric Blake, 2014/09/25
- Re: Bash security issue, Linda Walsh, 2014/09/25
- Re: Bash security issue, Eric Blake, 2014/09/25
- Re: Bash security issue, Linda Walsh, 2014/09/25
- Re: Bash security issue, lolilolicon, 2014/09/26
- Re: Bash security issue, Zack Weinberg, 2014/09/26
- Re: Bash security issue, Eric Blake, 2014/09/26
- Re: Bash security issue, Steve Simmons, 2014/09/26
- Re: Bash security issue,
Greg Wooledge <=
- Re: Bash security issue, Paul Smith, 2014/09/26
- Re: Bash security issue, Chet Ramey, 2014/09/27
- Re: Bash security issue, Eric Blake, 2014/09/27
- Re: Bash security issue, Steve Simmons, 2014/09/27
- Re: Bash security issue, Zack Weinberg, 2014/09/26
- Re: Bash security issue, Nick Bowler, 2014/09/26
- Re: Bash security issue, Eric Blake, 2014/09/26
- Re: Bash security issue, Nick Bowler, 2014/09/26
- Re: Bash security issue, Linda Walsh, 2014/09/26
- Re: Bash security issue, Eric Blake, 2014/09/26