On 29/09/14 11:57, Volker Kuhlmann wrote:
> It is not impossible now though that distributions will reduce their least common denominator for /bin/sh somewhat and clean up all the corners, but it's not going to happen overnight.
FWIW, Ubuntu Linux has used dash as their /bin/sh since late 2006, and Debian Linux has used dash as their /bin/sh since early 2011 (earlier in development/test versions). (Both originally did it for boot speed, but the reduction in security risk is a nice side benefit.) There were a lot of "bashisms" to clean up (the Ubuntu wiki lists many of them: https://wiki.ubuntu.com/DashAsBinSh), but for new installs in the last few years it "just works".

When I audited the Debian/Ubuntu systems that I manage/help manage there was only one that had bash as its /bin/sh (very old Debian install which has been upgraded through a bunch of major releases).

IMHO, even changing all of your scripts that you don't have time to audit to say "#! /bin/bash" explicitly at the top, and changing your /bin/sh to be something other than bash, would be a practical improvement (e.g., system() wouldn't be calling bash, and it's less likely bash would be invoked with "untrusted" input).

Ewen

PS:
> like the, in plain English, retarded capabilities of alternative interpreters.
aka, traditional Bourne Shell capabilities and/or POSIX (/Common Unix) capabilities. Anyone writing portable shell scripts has been dealing with those limitations for decades. IMHO if they're getting in your way you probably should be writing the script in a modern scripting language (Python, Ruby, Perl, ...) instead anyway.
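A small check in the spirit of the audit described above, added here as an example and not code from the thread: it reports what /bin/sh actually resolves to and lists scripts that declare "#!/bin/sh" yet use common bashisms, so those can be given an explicit "#!/bin/bash" shebang before /bin/sh is switched. The bashism pattern list is a rough assumption of my own; checkbashisms(1) from devscripts is the thorough tool.

```shell
#!/bin/sh
# Added example (not from the original thread). Helper names are hypothetical.

# Print the basename of whatever /bin/sh (or the given path) finally resolves to,
# e.g. "dash" or "bash". Relies on readlink -f (GNU coreutils / busybox).
sh_implementation() {
    target=$(readlink -f "${1:-/bin/sh}") || return 1
    basename "$target"
}

# Heuristic bashism patterns (assumption: not exhaustive, may give false positives):
# [[ ]], the "function" keyword, here-strings, $RANDOM, declare, echo -e, &> and source.
BASHISM_RE='\[\[|^[[:space:]]*function[[:space:]]|<<<|\$RANDOM|declare[[:space:]]|echo[[:space:]]+-e|&>|^[[:space:]]*source[[:space:]]'

# Succeed (exit 0) if the file's first line is a /bin/sh shebang, with or without
# a space after "#!"; /bin/bash and other interpreters do not match.
has_sh_shebang() {
    head -n 1 "$1" | grep -Eq '^#![[:space:]]*/bin/sh([[:space:]]|$)'
}

# Print every regular file under directory $1 that claims /bin/sh but contains a
# likely bashism; these are the scripts that would break (or behave differently)
# once /bin/sh is no longer bash.
find_sh_scripts_with_bashisms() {
    find "$1" -type f | while IFS= read -r f; do
        if has_sh_shebang "$f" && grep -Eq "$BASHISM_RE" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Usage: sh_implementation; find_sh_scripts_with_bashisms /usr/local/bin
```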