[1101] in linux-security and linux-alert archive
[linux-security] sh != bash (was "bash security hole")
daemon@ATHENA.MIT.EDU (A. P. Harris)
Tue Aug 27 18:25:35 1996
To: Zoltan Hidvegi <hzoli@cs.elte.hu>
Cc: linux-security@tarsier.cv.nrao.edu
In-reply-to: Your message of Mon, 26 Aug 1996 00:53:22 +0200.
<199608252253.AAA29641@hzoli.ppp.cs.elte.hu>
Date: Tue, 27 Aug 1996 02:43:18 -0500
From: "A. P. Harris" <apharris@onshore.com>
[You (Zoltan Hidvegi)]
> A sutable workaround [to the unsigned char problem in bash]
> is to get zsh-3.0.0 and link /bin/sh to zsh. Pdksh is an other
> alternative but it is less convinient for interactive use.
This reminds me of an issue that always bugged me about Linux in
particular. Why should I want a shell which is geared for interactive
use to be running all my little shell scripts? Isn't that a massive
waste of CPU, memory, security, and robustness? Isn't it better to have
a different interactive shell (big and featureful) from your
script-running shell? Assuming of course that they both emulate the
Bourne shell syntax well, of course.
I'm considering kiss, ash, and zsh for that part. Any pointers or
gotchas from the list?
.....A. P. Harris...apharris@onShore.com...<URL:http://www.onShore.com/>