[arch-general] dash as default shell?

[Piscium]

On Wed, 17 Jun 2020 at 21:21, brent s. <bts at square-r00t.net> wrote:

> Now, to init- because Arch uses systemd (and, yes, now Debian and
> Ubuntu), one must wonder what benefit, if any, this actually serves.
> systemd invokes the command directly, it does not spawn a shell to run
> an init script like sysvinit, upstart, openrc, etc. This is, primarily,
> the purpose of the system shell.
>
> I don't really see much of a benefit to it being that Arch uses systemd.
> Granted, it probably wouldn't harm much either given the purpose of the
> system shell, and probably why those who have already changed it haven't
> seen any noticeable effects. It just seems like an unnecessary change.

It's a good point you made that with systemd there are less benefits
of a fast /bin/sh. Ubuntu made its switch to dash in 2006 [1] and
Debian in 2011 [2], [3], and they switched to systemd later in 2013
and 2012, respectively [4]. But switching to dash would also be about
security, as less code means less bugs [5]. I found only one CVE for
dash, an old one when dash is used as a login shell [7]. There are a
number of bash bugs but they tend to be in various devices that are
not necessarily using the latest bash version so most would not apply
to Arch (it would take a long time to go through the list [8] in
detail so I won't do it).

[1] https://wiki.ubuntu.com/DashAsBinSh
[2] https://wiki.debian.org/Shell
[3] https://www.debian.org/News/2011/20110205a
[4] https://en.wikipedia.org/wiki/Systemd#Adoption
[5] https://lwn.net/Articles/614218/
[6] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=bash
[7] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0854
[8] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=bash+