Page 4 of 6

Re: Shellshock

Posted: Fri Oct 10, 2014 4:10 am
by foetz
smj wrote:folks coming from Linuxdom and picking up the SGI/IRIX habit will look around for bash pretty quickly. Might as well make it easier for them to indulge their new addiction, rather than creating an obstacle that prevents anybody from joining the club.

hehe yes sure. although not having a specific shell might not keep them away completely. after all people who come from linux to unix/risc do that because they want something different i'd think.
there's not much sense in sticking to bash and gcc on every platform. makes it rather pointless

Re: Shellshock

Posted: Fri Oct 10, 2014 9:48 am
by armanox
foetz wrote:
smj wrote:folks coming from Linuxdom and picking up the SGI/IRIX habit will look around for bash pretty quickly. Might as well make it easier for them to indulge their new addiction, rather than creating an obstacle that prevents anybody from joining the club.

hehe yes sure. although not having a specific shell might not keep them away completely. after all people who come from linux to unix/risc do that because they want something different i'd think.
there's not much sense in sticking to bash and gcc on every platform. makes it rather pointless


I'd rather have an up-to-date package for them to use if they so chose, rather then the ancient version on SGI Freeware being the only one.

Re: Shellshock

Posted: Fri Oct 10, 2014 10:00 am
by armanox
I've patched the bash-4.3-source with through .29 (rebuilding with .30 on my octane now). I also have patched bash-4.2-sources (since neko_bash.tardist is 4.2). (Alternate download link from Google Drive)

Re: Shellshock

Posted: Fri Oct 10, 2014 12:05 pm
by foetz
armanox wrote:I'd rather have an up-to-date package for them to use if they so chose, rather then the ancient version on SGI Freeware being the only one.

of course

Re: Shellshock

Posted: Fri Oct 10, 2014 6:46 pm
by ClassicHasClass
Proud to be a tcsh bigot, but I updated the TenFourFox bash to .30 anyway.

Re: Shellshock

Posted: Fri Oct 10, 2014 9:54 pm
by Raion-Fox
tcsh is good, but why not zsh? All the features of bash plus ksh plus some.

Re: Shellshock

Posted: Sat Oct 11, 2014 12:53 am
by smj
TeamBlackFox wrote:tcsh is good, but why not zsh? All the features of bash plus ksh plus some.

I'll speak as a confessed tcsh fan and former consultant/sysadmin - laziness. I took to csh when I first got access to 4.3BSD and SunOS 3 systems, and tcsh was already in circulation - years before I ever heard of zsh, even a couple years before the first version was written at Princeton. And if I have to deal with a system that doesn't have tcsh, it almost always has csh, and all I'd really notice I've lost is command line history and some prompt setting magic.

Now that all shells are everywhere by default, I suppose I'm just a dinosaur not to invest the time... Well, right: laziness. :lol:

Re: Shellshock

Posted: Sat Oct 11, 2014 8:41 am
by ClassicHasClass
In my case, tcsh works, is easy to get, doesn't change much, and I'm used to it. It hasn't cheesed me off enough to look at another shell.

Plus, as a product of the University of California, csh syntax is now wired into my brain.

Re: Shellshock

Posted: Sat Oct 11, 2014 9:54 am
by josehill
I'm in the same boat as smj and Classy, even though I'm an east coast guy, not a California dude.

The first system I used in earnest used tcsh as the default shell, so that was the first shell I truly learned, instead of merely tinkered with. Now, tcsh just fits like a glove, and I can't remember the last time I needed to do something and I didn't know how to do it with tcsh. There may be shells that are better for some purposes or more feature rich than tcsh, but it's unlikely that the effort required to learn something as well as I currently know tcsh would actually reap sufficient rewards in increased productivity. I have bigger problems than shell selection these days. :)

Re: Shellshock

Posted: Sat Oct 11, 2014 11:32 am
by SAQ
Another Tenex C/ZSH fan here, too.

Trying to recall what the deal was with writing scripts running on csh. I seem to recall dire warnings of impending doom being circulated at one point, along with reminders to use !#/bin/sh.

Re: Shellshock

Posted: Sat Oct 11, 2014 3:17 pm
by smj
SAQ wrote:Trying to recall what the deal was with writing scripts running on csh. I seem to recall dire warnings of impending doom being circulated at one point, along with reminders to use !#/bin/sh.

Yes, that was a very strongly held belief - but after 20 years I'm also having a little trouble remembering why. Based on some sketchy Googling, I'm guessing it's based on SUID use being risky because of how csh selects the home directory to read dot-files from at startup. There may also be something about how the environment is inherited, or how shell variables are initialized...?

If you've got time, it looks like Matt Bishop released an update in 2009 of a security review he did on UNIX in the 80s. Grab a copy of the PDF here. It has some detail on the SUID issue, at minimum.

Re: Shellshock

Posted: Sat Oct 11, 2014 3:42 pm
by kjaer
setuid is dangerous on any shell script, not just those with csh. but csh is also poor for programming.

http://www-uxsup.csx.cam.ac.uk/misc/csh.html

On another note, I'm always amazed when an experienced UNIX user claims program x can't do y, when what he really means is, he never bothered to find out how. Most frequently, I encounter this around vi ("but I NEED vim to copy & paste!"), but... csh has always had command line history.

Re: Shellshock

Posted: Sat Oct 11, 2014 4:30 pm
by robespierre
i use tcsh as a login shell, but i've never liked it for scripts. just a dim feeling that it wasn't very clean. when i had to write some scripts to recover a lost file, i used ksh.

Re: Shellshock

Posted: Sat Oct 11, 2014 4:39 pm
by smj
kjaer wrote:but... csh has always had command line history.

More laziness - should I describe it as "interactive access to command history using editing key sequences?" That was what looked like a step backwards from what was available from VMS - doubtless other systems too (TOPS, TENEX, etc), but that was the mini OS I was using immediately prior, and I don't think any of the micro OSes I was using up to that time had it.

But yes, of course csh had command history - one of the primary reasons I preferred csh over sh in the first place was the history, as accessed through constructs like "!23" or "!-2" or "^sh^s" ...

Re: Shellshock

Posted: Sat Oct 11, 2014 5:51 pm
by foetz
kjaer wrote:setuid is dangerous on any shell script, not just those with csh. but csh is also poor for programming.

http://www-uxsup.csx.cam.ac.uk/misc/csh.html

a classic issue of dispute which, as that page shows, can get very emotional. but fortunately it's quite easy.
if what you wanna do works with csh and you wanna do it with csh then it's fine. otherwise use ksh.