On Tuesday, September 30, 2014 1:40:55 AM UTC+2, Chet Ramey wrote: > > > Forget about posix mode then: bash -p (privileged) offers a lean-and-mean > > variant which pretty much satisfies anybody needing "just sh". However, > > there is no way to store an option in a symbolic link, so all distributions > > doing "sh -> bash" are bound to perpetuate the danger (of > > "eval-from-the-env"). So it would seem normal for some of them to move away > > from bash as the default sh. > > Are we talking about the same thing? > Privileged mode is intended for use when bash might run setuid (a bad idea > in any case). It affects what bash will use from the environment -- yes, > including shell functions -- and inhibits setting the euid to the ruid. > It doesn't have any other effect. It certainly doesn't turn off any bash > features.
It *does* disable that embarrassing nightmare of a misfeature that is function import: if (privmode == 0 && ... && STREQN ("() {", string, 4)) ... parse_and_execute(...) So, from the perspective of a "just the sh, Ma'am" goal, it is a pretty good contender. Regardless of the faith one can have in the recent patches, shunning that 'parse_and_execute(environment)' altogether sounds orders of magnitude safer. -Alex