On Tuesday, September 30, 2014 1:40:55 AM UTC+2, Chet Ramey wrote:
>
> > Forget about posix mode then: bash -p (privileged) offers a lean-and-mean
> > variant which pretty much satisfies anybody needing "just sh". However,
> > there is no way to store an option in a symbolic link, so all distributions
> > doing "sh -> bash" are bound to perpetuate the danger (of
> > "eval-from-the-env"). So it would seem normal for some of them to move away
> > from bash as the default sh.
>
> Are we talking about the same thing?
> Privileged mode is intended for use when bash might run setuid (a bad idea
> in any case). It affects what bash will use from the environment -- yes,
> including shell functions -- and inhibits setting the euid to the ruid.
> It doesn't have any other effect. It certainly doesn't turn off any bash
> features.

It *does* disable that embarrassing nightmare of a misfeature that is function
import:

    if (privmode == 0 && ... && STREQN ("() {", string, 4))
      ...
      parse_and_execute(...)

So, from the perspective of a "just the sh, Ma'am" goal, it is a pretty good
contender. Regardless of the faith one can have in the recent patches, shunning
that 'parse_and_execute(environment)' altogether sounds orders of magnitude
safer.
-Alex
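
The behaviour discussed in this message can be checked on an installed bash. The script below is an added example, not part of the original post or of the bash sources. It exports a harmless function from a parent bash and reports whether a child bash started with given options imports it. The names imports_function and probe_fn are made up for the illustration, and the script assumes a bash binary on PATH.

```shell
#!/bin/sh
# Added example: does a child bash import function definitions from its
# environment?  Compares default, --posix and -p (privileged) start-up.

# imports_function [bash options...]
# Prints "yes" if a child bash started with the given options sees the
# exported function, "no" otherwise.
imports_function() {
    # A parent bash defines and exports an empty function, so the environment
    # encoding is whatever this bash version uses (hypothetical name probe_fn).
    # The child only tests whether the function exists; the function is
    # never called.
    if bash -c 'probe_fn() { :; }; export -f probe_fn
                exec bash "$@" -c "declare -F probe_fn >/dev/null"' _ "$@"
    then
        echo yes
    else
        echo no
    fi
}

# Report the three start-up modes mentioned in the thread.
printf 'default: %s\n' "$(imports_function)"
printf '--posix: %s\n' "$(imports_function --posix)"
printf '-p:      %s\n' "$(imports_function -p)"
```

Only the -p line should read "no": posix mode still imports exported functions, which is the point made above about "sh -> bash" symlinks.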