On Fri, Sep 26, 2014 at 8:23 AM, Tim <[email protected]> wrote:
> For years I have ditched bash as my /bin/sh since bash is large and
> slow. It uses 5x as much memory as alternatives such as dash. Bash
> is good as a user interface, but not as a scripting tool, and all of
> those scripts in /etc that run at boot time go a whole lot faster if
> you use a simpler alternative. As it so happens, changing to something
> like dash will also vastly reduce the attack surface related to this
> vulnerability.
>
> To change your default /bin/sh to dash on Debian-based systems
> (e.g. Ubuntu), all you need to do is:
> sudo apt-get install dash

Note that if you're using a system that doesn't already use /bin/sh -> dash, they may not have gone through the massive pains that Ubuntu went through years ago to make the transition. Many, many scripts erroneously assume /bin/sh is bash, and use bash-specific features accordingly. This basically means that moving /bin/sh to dash can potentially be very painful on systems that haven't been accustomed to doing that, so make sure you at least have a functioning system first. :)

It might (or might not) be easier to use ksh (not the public-domain one, the true Korn shell) instead - it has most of the same features bash has (but NOT function exports ;) ), and usually the same syntax too. It probably at least stands a better chance than dash to work without a hitch on systems that have scripts that lazily assume bash.

Zsh is also an option. Default zsh is NOT AT ALL compatible with Bourne shell syntax, but when it's invoked via /bin/sh (e.g., after you've set up a /bin/sh -> ksh symlink), all the incompatible features are turned off, and it runs in sh-compatibility mode. The only reason I mention it is bash and ksh are both kind of old, crufty code (though IIRC from my experience bash is much the cruftier) - clean code is harder to hide bugs in. That's also the win that dash buys you of course: much simpler, and probably cleaner (I don't recall actually looking much at the source for either zsh or dash, but most of the code-quality issues I've noticed in bash at least are of the sort that used to be much more common in the 80s and 90s, or at least that's my vague and unscientific impression from past exposure to it). :D

-mjc
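
An added example, not part of the original message: a pre-flight check for the problem described above, scripts that declare #!/bin/sh but use bash-only features, to run before repointing /bin/sh. The function names (find_bashisms, scan_tree, write_samples) are hypothetical, and the pattern list is a constructed, non-exhaustive heuristic rather than a full POSIX checker.

```shell
#!/bin/sh
# Added example, not from the thread: flag common bash-only constructs in
# scripts that declare #!/bin/sh. The patterns are a non-exhaustive heuristic.

# Prints "file:line:text" per hit. Returns 0 if hits were found, 1 if the
# script looks clean, 2 if its first line is not a /bin/sh shebang.
find_bashisms() {
    head -n 1 "$1" | grep -Eq '^#! ?/bin/sh( |$)' || return 2
    # /dev/null as a second operand makes grep prefix hits with the file name.
    grep -nE \
        -e '\[\[ ' \
        -e '^[[:space:]]*function[[:space:]]+[A-Za-z_]' \
        -e '^[[:space:]]*(source|declare|export -f)[[:space:]]' \
        -e '<<<' \
        -e '[A-Za-z_][A-Za-z0-9_]*=\(' \
        -e '\$\{[A-Za-z0-9_]+(/|:[0-9])' \
        "$1" /dev/null
}

# Scans every regular file under a directory. Returns 0 if nothing was
# flagged, 1 otherwise (hits are printed).
scan_tree() {
    hits=$(find "$1" -type f | while IFS= read -r f; do
        find_bashisms "$f" || :
    done)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Constructed sample scripts for trying the scanner offline.
write_samples() {
    printf '%s\n' '#!/bin/sh' 'if [[ -n $1 ]]; then' '  arr=(a b)' 'fi' \
        'echo ${1/a/b}' > "$1/bashy.sh"
    printf '%s\n' '#!/bin/sh' 'if [ -n "$1" ]; then' '  echo "${1:-x}"' 'fi' \
        > "$1/posix.sh"
    printf '%s\n' '#!/bin/bash' 'if [[ -n $1 ]]; then echo ok; fi' \
        > "$1/real-bash.sh"
}

# Usage: sh this-script /etc/init.d
if [ "$#" -gt 0 ]; then
    scan_tree "$1"
fi
```

Scripts that start with #!/bin/bash are skipped on purpose, since they keep running under bash whatever /bin/sh points to.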
