oss-sec mailing list archives

Re: Fwd: Non-upstream patches for bash


From: Michael Samuel <mik () miknet net>
Date: Sun, 28 Sep 2014 21:13:22 +1000

On 28 September 2014 01:06, Solar Designer <solar () openwall com> wrote:
> This also means that we should treat any programs that generate bash
> scripts with (sanitized) untrusted input in them as unsafe, and patch
> those to use safer mechanisms to pass (sanitized) inputs to scripts
> (preferably use env vars with fixed names).

The problem with this approach is that a sh is useful for both system(3)
and wrapping things like java.

This problem came up because bash was parsing environment variables
even when the script wasn't referencing them.  I don't think anyone lets
network users set completely arbitrary environment variable names.

I think Debian's approach of dash as /bin/sh, and bash as an interactive
shell is the right balance.

I switched a Fedora box to using dash as /bin/sh, and so far have only
logged one bug for something that broke, and it pretty much deserved
to break (BZ #1146733).

Regards,
  Michael
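The mitigation Solar Designer describes in the quoted text (stop splicing untrusted input into generated script source; hand it to a fixed script through an environment variable with a fixed name) is illustrated below. This is an added example, not code from either poster. The variable name `UNTRUSTED_INPUT`, the script body and the sample input are assumptions constructed for the demonstration; the script runs under `/bin/sh`, whatever shell that is on the host.

```python
import os
import subprocess

# Constructed sample script: its source is fixed, so the shell parser only ever
# sees text written by the developer. The untrusted value arrives as data in
# the fixed-name variable UNTRUSTED_INPUT (hypothetical name for this example).
FIXED_SCRIPT = 'printf \'%s\\n\' "$UNTRUSTED_INPUT"\n'


def build_unsafe_script(untrusted: str) -> str:
    """The pattern the quoted message calls unsafe: untrusted text becomes part
    of the script source, so shell syntax inside it is parsed, not printed."""
    return f'printf \'%s\\n\' "{untrusted}"\n'


def build_safe_invocation(untrusted: str):
    """Return (argv, env) for running FIXED_SCRIPT with the untrusted value
    passed as the value of one fixed-name variable.

    The environment is built from scratch rather than inherited, so the only
    variables the shell sees are PATH and the one the script expects; nothing
    arbitrary from the calling process (or a network client) reaches it."""
    env = {"PATH": "/usr/bin:/bin", "UNTRUSTED_INPUT": untrusted}
    argv = ["/bin/sh", "-c", FIXED_SCRIPT]
    return argv, env


def shell_available() -> bool:
    """True when /bin/sh exists, so the run_* helpers can be exercised."""
    return os.path.exists("/bin/sh")


def run_unsafe(untrusted: str) -> str:
    """Execute the generated script; returns its stdout without the newline."""
    script = build_unsafe_script(untrusted)
    out = subprocess.run(["/bin/sh", "-c", script],
                         capture_output=True, text=True, check=True)
    return out.stdout.rstrip("\n")


def run_safe(untrusted: str) -> str:
    """Execute the fixed script with the value passed via the environment."""
    argv, env = build_safe_invocation(untrusted)
    out = subprocess.run(argv, env=env, capture_output=True, text=True,
                         check=True)
    return out.stdout.rstrip("\n")


if __name__ == "__main__":
    # Constructed input containing a command substitution. The generated
    # script evaluates it; the fixed script prints it back verbatim.
    sample = "x$(echo injected)"
    if shell_available():
        print("unsafe:", run_unsafe(sample))   # xinjected
        print("safe:  ", run_safe(sample))     # x$(echo injected)
```

With the sample input, the generated-script variant prints `xinjected` because the substitution is parsed as part of the script, while the fixed-script variant prints the input unchanged: `"$UNTRUSTED_INPUT"` is expanded as data and never re-parsed. Replacing the environment wholesale (rather than copying `os.environ`) is what keeps the set of variable names under the caller's control, which is the property the message relies on when it notes that nobody lets network users choose arbitrary variable names.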

