Hello List,

Today someone in a meeting claimed the Bourne shell is deprecated, one of the reasons being it supposedly has security issues. Well that's all news to me, and I cannot find anything online to corroborate the claim. Is this true, is it a bash vs. Bourne FUD, or something else?

Thanks,
Jack

On 26/04/16 09:45 PM, Jack Bailey wrote:
> Hello List,
>
> Today someone in a meeting claimed the Bourne shell is deprecated, one
> of the reasons being it supposedly has security issues. Well that's all
> news to me, and I cannot find anything online to corroborate the claim.
> Is this true, is it a bash vs. Bourne FUD, or something else?
>
> Thanks,
> Jack

[Citation Needed]

--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without access to education?

There was the "Shell Shock" vulnerability patched on the 24th of September 2014. Maybe this person was misinformed after this incident.

Microsoft and Ubuntu just announced BASH for Windows (they called it Linux on Windows or something like that).

On 27 April 2016 at 13:47, Digimer <lists at alteeve.ca> wrote:
> On 26/04/16 09:45 PM, Jack Bailey wrote:
> > Hello List,
> >
> > Today someone in a meeting claimed the Bourne shell is deprecated, one
> > of the reasons being it supposedly has security issues. Well that's all
> > news to me, and I cannot find anything online to corroborate the claim.
> > Is this true, is it a bash vs. Bourne FUD, or something else?
> >
> > Thanks,
> > Jack
>
> [Citation Needed]
>
> --
> Digimer
> Papers and Projects: https://alteeve.ca/w/
> What if the cure for cancer is trapped in the mind of a person without
> access to education?

On 4/26/2016 6:45 PM, Jack Bailey wrote:
>
> Today someone in a meeting claimed the Bourne shell is deprecated, one
> of the reasons being it supposedly has security issues. Well that's
> all news to me, and I cannot find anything online to corroborate the
> claim. Is this true, is it a bash vs. Bourne FUD, or something else?

there's no Bourne shell in CentOS anyways, /bin/sh is a symlink to /bin/bash...

last OS I can think of with an actual Bourne shell was Solaris.

--
john r pierce, recycling bits in santa cruz

On 04/26/2016 06:45 PM, Jack Bailey wrote:
> Today someone in a meeting claimed the Bourne shell is deprecated, one
> of the reasons being it supposedly has security issues. Well that's
> all news to me, and I cannot find anything online to corroborate the
> claim. Is this true, is it a bash vs. Bourne FUD, or something else?

The Bourne shell is not POSIX conforming. It's not widely available. It was included in Solaris until 11, when it was replaced with a POSIX compatible sh. It was affected by a security issue in 2014:

http://www.cvedetails.com/vulnerability-list/vendor_id-15053/year-2014/Heirloom.html

I think it's hard to argue that it's not deprecated.

On 26/04/16 10:07 PM, John R Pierce wrote:
> On 4/26/2016 6:45 PM, Jack Bailey wrote:
>>
>> Today someone in a meeting claimed the Bourne shell is deprecated, one
>> of the reasons being it supposedly has security issues. Well that's
>> all news to me, and I cannot find anything online to corroborate the
>> claim. Is this true, is it a bash vs. Bourne FUD, or something else?
>
> there's no Bourne shell in CentOS anyways, /bin/sh is a symlink to
> /bin/bash...
>
> last OS I can think of with an actual Bourne shell was Solaris.

??

[root at an-striker01 ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[root at an-striker01 ~]# which bash
/bin/bash
[root at an-striker01 ~]# ls -lah /bin/bash
-rwxr-xr-x. 1 root root 885K Sep 22 2015 /bin/bash
[root at an-striker01 ~]# which sh
/bin/sh
[root at an-striker01 ~]# ls -lah /bin/sh
lrwxrwxrwx. 1 root root 4 Mar 27 18:40 /bin/sh -> bash

Same upstream on Fedora 23:

0 root at pulsar:/home/digimer# cat /etc/redhat-release
Fedora release 23 (Twenty Three)
0 root at pulsar:/home/digimer# which bash
/bin/bash
0 root at pulsar:/home/digimer# ls -lah /bin/bash
-rwxr-xr-x. 1 root root 1.1M Jan 11 06:02 /bin/bash
0 root at pulsar:/home/digimer# which sh
/bin/sh
0 root at pulsar:/home/digimer# ls -lah /bin/sh
lrwxrwxrwx. 1 root root 4 Jan 11 06:02 /bin/sh -> bash

--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without access to education?

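Added example (not part of any message in this thread): the manual `which` / `ls -lah /bin/sh` check from the session above as a script that follows the symlink chain, names the implementation, and reads a script's `#!` line. The function names and the name-to-implementation mapping are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Follow a symlink chain hop by hop (plain readlink, no GNU -f needed).
resolve_link() {
    path=$1
    hops=0
    while [ -L "$path" ] && [ "$hops" -lt 16 ]; do   # cap guards against loops
        target=$(readlink "$path")
        case $target in
            /*) path=$target ;;                       # absolute target
            *)  path=$(dirname "$path")/$target ;;    # relative to the link's dir
        esac
        hops=$((hops + 1))
    done
    printf '%s\n' "$path"
}

# Name the implementation from the resolved file name.
# Assumption: the binary's name reflects what it is. A file really named
# "sh" (no symlink) is reported as native-sh, because the name alone cannot
# tell which sh it is.
classify_shell() {
    case $(basename "$(resolve_link "$1")") in
        bash)            echo bash ;;
        dash)            echo dash ;;
        busybox)         echo busybox ;;
        ksh*|mksh|pdksh) echo ksh ;;
        zsh)             echo zsh ;;
        sh)              echo native-sh ;;
        *)               echo unknown ;;
    esac
}

# Print the interpreter path from a script's "#!" line (nothing if absent).
shebang_of() {
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 0
    case $first in
        '#!'*) set -f; set -- ${first#??}; set +f; printf '%s\n' "$1" ;;
    esac
}

# Report what this host's /bin/sh really is.
printf '/bin/sh -> %s (%s)\n' "$(resolve_link /bin/sh)" "$(classify_shell /bin/sh)"
```
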
On 04/26/16 21:13, John R Pierce wrote:
> On 4/26/2016 6:45 PM, Jack Bailey wrote:
>>
>> Today someone in a meeting claimed the Bourne shell is deprecated,
>> one of the reasons being it supposedly has security issues. Well
>> that's all news to me, and I cannot find anything online to
>> corroborate the claim. Is this true, is it a bash vs. Bourne FUD, or
>> something else?
>
> there's no Bourne shell in CentOS anyways, /bin/sh is a symlink to
> /bin/bash...
>
> last OS I can think of with an actual Bourne shell was Solaris.
>
>

The various *BSD's have & use the actual Bourne shell ....

--
William A. Mahaffey III
----------------------------------------------------------------------
"The M1 Garand is without doubt the finest implement of war ever devised by man."
-- Gen. George S. Patton Jr.

On 04/27/2016 05:20 AM, Joerg Schilling wrote:
> While older versions of the Bourne Shell are not POSIX compliant, recent
> versions only miss the feature "arithmetic expansion" and are otherwise
> probably closer to POSIX than bash or dash. Note that "dash" does not support
> multi-byte characters and thus cannot be certified for a full UNIX system but
> only for embedded UNIX systems.

That's good to know. But, since there seem to be several forks of Bourne shell, currently, is there a reference for the differences between them?

> As far as I can see, this was related to "mailx" and not to the shell.

I looked for substantiation of the original claim that the Bourne shell had security problems. Apparently I should have looked closer. Thanks for catching that.