On 2013-03-16 12:13, Chet Ramey wrote: > > If it cannot be removed, then some people are using it with the false > > expectation that it provides some increased security. Better to get > > rid of that than have someone think it is worth the extra bytes it takes > > to implement. > > Folks cling tightly to their ideas about what should and should not be in > bash and how it should behave. I'm comfortable with leaving the restricted > shell feature in the current state and allowing users or distributions to > disable it at their option. The `bloat' is not significant enough to be a > factor.
I agree in general, however, I would be in favour of at least adding something to the man page that indicates rbash should not be considered secure except in very specific implementations. I've dealt with too many people that falsely think it increases security (although, whether these are the sort of people to read man pages over ill-informed garbage on some guy's "Linux blog", I don't know). Chris
pgpqJp_1SPaUo.pgp
Description: PGP signature
