# Replacing /bin/sh



## user (Aug 23, 2009)

Hello,
I'm wondering if it is safe to replace /bin/sh with the ported bash4. The question comes up because I have applied the syslog patch and wanted to log commands.
Another question comes up if the answer to the previous one is yes: assuming a remote attacker gets /bin/sh, will his commands be recorded via syslog?

Thank you for any reply.


----------



## anomie (Aug 23, 2009)

Some issues with this approach come to mind:

- during a base system upgrade, your version of "sh" may get overwritten
- unless you're building a statically linked bash4, the shell will not work when /usr/local is not mounted

There _might_ be some other unanticipated side effects as well. Moreover, when you evaluate risks vs. rewards, what are you getting from this? For your logging to work, a user would have to use /bin/sh. Other shells are available.


----------



## vermaden (Aug 23, 2009)

@user

What is the sense in replacing /bin/sh, which is tuned for scripts, with the bloated bash 4.x?


----------



## user (Aug 23, 2009)

> Some issues with this approach come to mind:
>
> - during a base system upgrade, your version of "sh" may get overwritten

*Sure, then you replace it again*

> - unless you're building a statically linked bash4, the shell will not work when /usr/local is not mounted

*Still no problems*

> There _might_ be some other unanticipated side effects as well.

*That's what I'm asking about*

> Moreover, when you evaluate risks vs. rewards, what are you getting from this? For your logging to work, a user would have to use /bin/sh. Other shells are available.

*Let's say all shells are patched?*


----------



## user (Aug 23, 2009)

vermaden said:

> @user
>
> What is the sense in replacing /bin/sh, which is tuned for scripts, with the bloated bash 4.x?

*If I get the meaning of your message right, you seem to collide with your signature*


----------



## graudeejs (Aug 23, 2009)

Imagine all the crap (bash*isms*) that will happen when you run a good sh script:

```
#!/bin/sh
```
!=

```
#!/usr/local/bin/bash
```

What I want to say is, bash is a piece of garbage, I think (I can't prove it, just as you can't prove bash is any better).

Why not install mksh and use it?
Why replace sh at all?
You know you can change your shell to any other you want in many ways, without having to overwrite anything.


----------



## vivek (Aug 23, 2009)

Bad idea, many rc scripts depend upon /bin/sh. Sure, bash can run them all, but I will not trust it too much. Bash4 had some issue last time I checked while running a for loop, and it crashed a few of my scripts. Later an updated patch was issued. Search this forum or other mailing lists for bash4 bugs and you will get the idea.


----------



## user (Aug 23, 2009)

I'm not saying I want to delete /bin/sh and use /usr/local/bin/bash.
I want to overwrite /bin/sh with /usr/local/bin/bash, version 4 or any stable bash version.


----------



## graudeejs (Aug 23, 2009)

Which is exactly what we are saying.


Why the smurf do you want this crappy linuxism?


----------



## anomie (Aug 23, 2009)

user said:

> > There _might_ be some other unanticipated side effects as well.
>
> *That's what I'm asking about*



I haven't tested what you are describing, so I don't know for sure. There are a _lot_ of shell scripts that get run through /bin/sh. I think there is a chance you may break some of those. (But again, you would need to test that.) 

IMO, this is not worth the trouble or effort. But to each his own. 

-------

On a side topic, please read here to learn about using bbcode: 

http://www.phpbb.com/community/faq.php?mode=bbcode

It will make your posts easier to read if you're using e.g. the quote tag properly, and not arbitrarily bolding your replies.


----------



## SirDice (Aug 23, 2009)

If you want to know what your users are doing why not enable auditing?

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html


----------



## vermaden (Aug 23, 2009)

user said:

> *If I get the meaning of your message right, you seem to collide with your signature*


Say what?


----------



## MG (Aug 23, 2009)

It will probably work. But /bin/rc might give some problems because bash's dependencies (/usr/local/lib?) are out of reach.
To overwrite it, the original /bin/sh must not be in use by any process, like rc, startx, or as a login shell.


----------



## aragon (Aug 23, 2009)

If you compile bash statically it ought to work fine.  I don't think there is anything /bin/sh can do that bash can't, but if, over time, you get accustomed to writing /bin/sh scripts using bash syntax, you're going to run into problems moving your scripts to other systems.  Strictly speaking, /bin/sh != bash, and shouldn't be treated as such.


----------



## vermaden (Aug 23, 2009)

A good example of why NOT to use *bash* for scripts:
http://7thguard.net/news.php?id=5813 [ENGLISH]


----------



## phoenix (Aug 24, 2009)

If all you want to do is force all your console users to use bash4 so that you can log everything that they do at the shell, then just modify */etc/shells* to only specify bash4.  Then change the permissions on /bin/sh and /bin/*sh so that only root:wheel can execute them.  Finally, change everyone's login shell to bash4.

Voila!  Done.  Now all your console users are forced to use bash4 and nothing else.

*Don't mess with the base system* unless you are willing to put in all the time and effort to test, retest, test again, and fix things that break.
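As an added example (not code from this thread), a small POSIX sh check for the setup phoenix describes: given a passwd listing and the permitted shells from /etc/shells, it lists every account that can log in but whose login shell is not the logging shell, since those commands would never be recorded. The passwd lines and the permitted-shell list are constructed here so the check runs offline; on a real host you would feed it `getent passwd` and `grep '^/' /etc/shells`.

```shell
#!/bin/sh
# Added example, not code from the thread. Verifies the "everyone uses the
# logging shell" setup phoenix describes: any account whose login shell is
# outside the permitted set would not have its commands recorded.

# Constructed stand-in for /etc/shells after it was trimmed to bash4 only.
# On a real host: ALLOWED_SHELLS=$(grep '^/' /etc/shells)
ALLOWED_SHELLS='/usr/local/bin/bash'

# Constructed stand-in for /etc/passwd (name:pw:uid:gid:gecos:home:shell).
# On a real host: PASSWD_SAMPLE=$(getent passwd)
PASSWD_SAMPLE='root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:Alice:/home/alice:/usr/local/bin/bash
bob:*:1002:1002:Bob:/home/bob:/bin/sh
carol:*:1003:1003:Carol:/home/carol:/bin/tcsh
svc:*:1004:1004:Service:/nonexistent:/usr/sbin/nologin'

# Succeeds when $1 is one of the permitted shells.
shell_permitted() {
    for allowed in $ALLOWED_SHELLS; do
        [ "$1" = "$allowed" ] && return 0
    done
    return 1
}

# Print "user shell" for each account that can log in but would land in an
# unlogged shell. nologin-style accounts cannot get a shell, so they are skipped.
unlogged_shell_users() {
    printf '%s\n' "$PASSWD_SAMPLE" |
    while IFS=: read -r name pw uid gid gecos home shell; do
        case "$shell" in
            /usr/sbin/nologin|/sbin/nologin|/bin/false) continue ;;
        esac
        if ! shell_permitted "$shell"; then
            printf '%s %s\n' "$name" "$shell"
        fi
    done
}

# Exit status 0 only when no account bypasses the logging shell.
audit_login_shells() {
    offenders=$(unlogged_shell_users)
    if [ -n "$offenders" ]; then
        printf 'accounts outside the logging shell:\n%s\n' "$offenders" >&2
        return 1
    fi
    return 0
}
```

Calling `audit_login_shells` on the constructed data exits non-zero and reports root, bob and carol on stderr; a clean system prints nothing and exits 0, which makes it usable as a periodic check after the /etc/shells change.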


----------

