On Sat, Mar 16, 2013 at 6:28 PM, Chris Down <ch...@chrisdown.name> wrote: > On 2013-03-16 12:13, Chet Ramey wrote: >> > If it cannot be removed, then some people are using it with the false >> > expectation that it provides some increased security. Better to get >> > rid of that than have someone think it is worth the extra bytes it takes >> > to implement. >> >> Folks cling tightly to their ideas about what should and should not be in >> bash and how it should behave. I'm comfortable with leaving the restricted >> shell feature in the current state and allowing users or distributions to >> disable it at their option. The `bloat' is not significant enough to be a >> factor. > > I agree in general, however, I would be in favour of at least adding something > to the man page that indicates rbash should not be considered secure except in > very specific implementations. I've dealt with too many people that falsely > think it increases security (although, whether these are the sort of people to > read man pages over ill-informed garbage on some guy's "Linux blog", I don't > know). > > Chris
I don't think the manual gives this impression as it is. It doesn't say "secure" but "more controlled" and I think the way it is described really force the possible user to think about what rbash really provides.
