Shell

[Donald Wilde]

On 7/3/20, Donald Wilde <dwilde1 at gmail.com> wrote:
> On 7/2/20, Kevin P. Neal <kpn at neutralgood.org> wrote:
>> On Tue, Jun 30, 2020 at 06:33:44AM -0700, Donald Wilde wrote:
> [snip]
>>> The only concern with doing so is that doing so causes the (larger!)
>>> bash-static kernel to be used everywhere. If you have lots of regular
>>> users with console prompts, this could be painful.
>>
>> Doubtful. With static linking of executables there should be no changing
>> of
>> the executable once loaded into memory. So all users would share the same
>> "text" pages (meaning instructions).
>>
>> Now, with PIE executables I suspect this is still true, but I can't swear
>> to it. And I don't know if bash-static is PIE or not.
>
> Thanks, Kevin. I'll test that.

Yes, according to hardening check, bash (bash-static) passes all tests
including PIE, although I saw a note that address space layout
randomization (ASLR) is only a feature in the new 13-series FreeBSD.



Not sure what that portends, because the description of the Debian
variant of PIE (position-independent executable) code seems to imply
that the two go together although ASLR is not a precondition for PIE.

Here's some interesting data along the way (12-STABLE):

/bin/sh                                         163136 bytes
/bin/tcsh                                      424296 bytes
/usr/local/bin/bash(-stable)       2400432 bytes

I'll complete and test the previously described co-resident bash
situation tomorrow.

I still need to figure out "rbash"...

-- 
Don Wilde
****************************************************
* What is the Internet of Things but a system *
* of systems including humans?                     *
****************************************************