[1101] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] sh != bash (was "bash security hole")

daemon@ATHENA.MIT.EDU (A. P. Harris)
Tue Aug 27 18:25:35 1996

To: Zoltan Hidvegi <hzoli@cs.elte.hu>
Cc: linux-security@tarsier.cv.nrao.edu
In-reply-to: Your message of Mon, 26 Aug 1996 00:53:22 +0200.
             <199608252253.AAA29641@hzoli.ppp.cs.elte.hu> 
Date: Tue, 27 Aug 1996 02:43:18 -0500
From: "A. P. Harris" <apharris@onshore.com>



[You (Zoltan Hidvegi)]
> A sutable workaround [to the unsigned char problem in bash]
> is to get zsh-3.0.0 and link /bin/sh to zsh.  Pdksh is an other
> alternative but it is less convinient for interactive use.

This reminds me of an issue that always bugged me about Linux in 
particular.  Why should I want a shell which is geared for interactive 
use to be running all my little shell scripts?  Isn't that a massive 
waste of CPU, memory, security, and robustness?  Isn't it better to have 
a different interactive shell (big and featureful) from your 
script-running shell?  Assuming of course that they both emulate the 
Bourne shell syntax well, of course.

I'm considering kiss, ash, and zsh for that part.  Any pointers or 
gotchas from the list?  

.....A. P. Harris...apharris@onShore.com...<URL:http://www.onShore.com/>

home help back first fref pref prev next nref lref last post