Bourne Shell Deprecated?

Home » CentOS » Bourne Shell Deprecated?
CentOS 27 Comments

Hello List,

Today someone in a meeting claimed the Bourne shell is deprecated, one of the reasons being it supposedly has security issues. Well that’s all news to me, and I cannot find anything online to corroborate the claim.
Is this true, is it a bash vs. Bourne FUD, or something else?

Thanks, Jack

27 thoughts on - Bourne Shell Deprecated?

  • There was the “Shell Shock” Vulnerability patched on the 24th of September
    2014
    Maybe this person was Misinformed after this incident. Microsoft and Ubuntu just announced BASH for Windows ( they called it Linux on Windows or something like that ).

  • there’s no Bourne shell in CentOS anyways, /bin/sh is a symlink to
    /bin/bash…

    last OS I can think of with an actual Bourne shell was Solaris.

  • ??

    [root@an-striker01 ~]# cat /etc/redhat-release CentOS release 6.7 (Final)

    [root@an-striker01 ~]# which bash
    /bin/bash

    [root@an-striker01 ~]# ls -lah /bin/bash
    -rwxr-xr-x. 1 root root 885K Sep 22 2015 /bin/bash

    [root@an-striker01 ~]# which sh
    /bin/sh

    [root@an-striker01 ~]# ls -lah /bin/sh lrwxrwxrwx. 1 root root 4 Mar 27 18:40 /bin/sh -> bash

    Same upstream on Fedora 23:

    0 root@pulsar:/home/digimer# cat /etc/redhat-release Fedora release 23 (Twenty Three)

    0 root@pulsar:/home/digimer# which bash
    /bin/bash

    0 root@pulsar:/home/digimer# ls -lah /bin/bash
    -rwxr-xr-x. 1 root root 1.1M Jan 11 06:02 /bin/bash

    0 root@pulsar:/home/digimer# which sh
    /bin/sh

    0 root@pulsar:/home/digimer# ls -lah /bin/sh lrwxrwxrwx. 1 root root 4 Jan 11 06:02 /bin/sh -> bash

  • Yes, Red Hat and most (all?) GNU/Linux distributions have used bash as far back as I can remember.

    Some of the BSDs use to have a bourne shell and maybe some do, I don’t know.

    bash is mostly compatible with bourne (can run most bourne scripts)
    which is why /bin/sh is a symlink to /bin/bash on GNU and most other
    *nix systems.

    Bourne is for all practical purposes dead.

  • when bash is invoked as /bin/sh, it reverts to more Bourne like behaviors in some circumstances where the default is not compatible.

    Most of the script developers at my $job seem to prefer ksh for serious scripting, apparently its more consistent.

  • Sorry if I wrote too fast: s/has gone/was born/. The Bourne shell seems to be still in use in FreeBSD.

    Regards,

  • Yup.

    Bash can run Bourne, but not necessarily vice versa, which can be problematic if, say, moving a Linux script to a BSD or AIX box. I
    remember something I’d done which used, IIRC, $UID, without realizing it was a bashism, instead of using id -u.

  • Scott Robbins wrote:
    know. which is why /bin/sh is a symlink to /bin/bash on GNU and most other
    *nix systems. problematic if, say, moving a Linux script to a BSD or AIX box. I
    remember something I’d done which used, IIRC, $UID, without realizing it was a bashism, instead of using id -u.

    I’ll also note that all *production* scripts were once required to be bourne, but by the mid-ninties, management was starting to mandate that they be Korn shell, instead, for many reasons – capabilities, etc. Bash –
    I don’t think I saw that till I started running RH 5.1, I think it was, about 18 years ago….

    mark

  • There is at least one good reason Bourne shell is still alive and not striving to cover all Bourne-Again shell (bash) features IMHO. Bourne shell is very well debugged, and code is much smaller, hence much less chance to have undiscovered bugs. Therefore, it should be much better security wise. Imagine you never heard about shellshock, and I ask you is it bash or is it Bourne shell, what would you bet be? (90 or 95% it is bash would be mine, – if I recollect correctly my reaction when I first heard about that).

    Just my $0.02

    Valeri

    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++

  • Nope. FreeBSD (and its clones like PC-BSD) use Bourne shell for startup scripts. OpenBSD comes with Bourne shell as well (though they use ksh for system scripts if I remember it correctly). Not dead and there is a reason for that.

    Valeri

    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++

  • That’s good to know. But, since there seem to be several forks of Bourne shell, currently, is there a reference for the differences between them?

    I looked for substantiation of the original claim that the bourne shell had security problems. Apparently I should have looked closer. Thanks for catching that.

  • indeed, the man for sh(1) on freebsd 10.3 says (in part)

    HISTORY
    A sh command, the Thompson shell, appeared in Version 1 AT&T UNIX. It
    was superseded in Version 7 AT&T UNIX by the Bourne shell, which inher-
    ited the name sh.

    This version of sh was rewritten in 1989 under the BSD license after the
    Bourne shell from AT&T System V Release 4 UNIX.

    AUTHORS
    This version of sh was originally written by Kenneth Almquist.

  • Interesting. Back in 1980 we called /bin/sh the Mashey shell. It did not have command substitution or other things we now take for granted.
    Bourne did that for us. So there’s a version or two missing in history…

    Jack

  • this suggests the PWB/Mashey shell was pretty short lived… https://en.wikipedia.org/wiki/PWB_shell

    derivatives of Unix Version 7 were about the first Unix version most people outside of a few universities ever saw, like I believe my first in depth exposure to Unix was 4.1BSD, on Dec VAX 11/780. I remember having to get a Unix/32V license from AT&T, then photocopy the label of the tape and fax it to Berkeley before we could get 4.1BSD from them due to licensing weirdness. I don’t remember ever even mounting that AT&T tape.

  • NetBSD 6.1.5 uses the Bourne shell by default for root logins & uses it for the rc.d system. FreeBSD 9.3 Release has it installed because it is needed for the rc.d system. All I can vouch for ….

  • From NetBSD 6.1.5:

    4256EE1 # man sh man: Formatting manual page… SH(1) General Commands Manual
    SH(1)

    NAME
    sh — command interpreter (shell)

    SYNOPSIS
    sh [-aCefnuvxIimqVEb] [+aCefnuvxIimqVEb] [-o option_name]
    [+o option_name] [command_file [argument …]]
    sh -c [-aCefnuvxIimqVEb] [+aCefnuvxIimqVEb] [-o option_name]
    [+o option_name] command_string [command_name [argument …]]
    sh -s [-aCefnuvxIimqVEb] [+aCefnuvxIimqVEb] [-o option_name]
    [+o option_name] [argument …]

    DESCRIPTION
    sh is the standard command interpreter for the system. The current
    version of sh is in the process of being changed to conform with the
    POSIX 1003.2 and 1003.2a specifications for the shell. This version has
    many features which make it appear similar in some respects to the Korn
    shell, but it is not a Korn shell clone (see ksh(1)). Only features
    designated by POSIX, plus a few Berkeley extensions, are being
    incorporated into this shell. This man page is not intended to be a
    tutorial or a complete specification of the shell.

    .
    .
    .

    HISTORY
    A sh command appeared in Version 1 AT&T UNIX. It was, however,
    unmaintainable so we wrote this one.

    BUGS
    Setuid shell scripts should be avoided at all costs, as they are a
    significant security risk.

    PS1, PS2, and PS4 should be subject to parameter expansion before being
    displayed.

    The characters generated by filename completion should probably be quoted
    to ensure that the filename is still valid after the input line has been
    processed.

    NetBSD 6.1.5 October 4, 2011 NetBSD 6.1.5
    4256EE1 #

    There was/is nothing at the end w/ any more identifying info.

    From FreeBSD 9.3R:

    [root@kabini1, /etc, 3:22:38pm] 888 % man sh SH(1) FreeBSD General Commands Manual
    SH(1)

    NAME
    sh — command interpreter (shell)

    SYNOPSIS
    sh [-/+abCEefhIimnPpTuVvx] [-/+o longname] [script [arg …]]
    sh [-/+abCEefhIimnPpTuVvx] [-/+o longname] -c string [name [arg …]]
    sh [-/+abCEefhIimnPpTuVvx] [-/+o longname] -s [arg …]

    DESCRIPTION
    The sh utility is the standard command interpreter for the system. The
    current version of sh is close to the IEEE Std 1003.1
    (“POSIX.1”) spec-
    ification for the shell. It only supports features designated by POSIX,
    plus a few Berkeley extensions. This man page is not intended to be a
    tutorial nor a complete specification of the shell.

    .
    .
    .

    HISTORY
    A sh command, the Thompson shell, appeared in Version 1 AT&T UNIX. It
    was superseded in Version 7 AT&T UNIX by the Bourne shell, which inher-
    ited the name sh.

    This version of sh was rewritten in 1989 under the BSD license after the
    Bourne shell from AT&T System V Release 4 UNIX.

    AUTHORS
    This version of sh was originally written by Kenneth Almquist.

    BUGS
    The sh utility does not recognize multibyte characters other than UTF-8.
    Splitting using IFS and the line editing library editline(3) do not rec-
    ognize multibyte characters.

    FreeBSD 9.3 January 3, 2014 FreeBSD 9.3
    [root@kabini1, /etc, 3:31:58pm] 889 %

    So FreeBSD does indeed appear to use the Almquist shell.

  • Yes. Here is excerpt from “man sh” (appears the same on FreeBSD 9.3 and
    10.3):

    A sh command, the Thompson shell, appeared in Version 1 AT&T UNIX. It
    was superseded in Version 7 AT&T UNIX by the Bourne shell, which inher-
    ited the name sh.

    This version of sh was rewritten in 1989 under the BSD license after the
    Bourne shell from AT&T System V Release 4 UNIX.

    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++


  • The V1 shell was of course not Bourne’s.

    However Bourne’s code was consider “unmaintainable” as he was an algol coder, not a C coder. He had numerous macros defined to allow him to use his algol coding style with a C compiler.

    jl

  • So *that’s* what it is! I have a copy of the source (on paper). What a hoot! I thought he was trying to make C look like shell code.

    Jack

  • You would be correct. All of the BSDs and some GNU/Linux distributions use Almquist for sh if not using a symlink to bash or dash.

    In fact, the first release of Slackware in 1993 had sh as a symlink to bash.

    I’m looking at the source code for the Bourne shell as included with UNIX SVR4 (circa 1988) and it’s obvious that the version which Sun Microsystems/Oracle shipped with Solaris under the CDDL is a direct decedent.

    The license on the source code for the Bourne shell shipped with SVR4
    clearly states:

    “THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T”

    Brandon Vincent

  • PWB is the one I started with back in ’77ish. Running on Dec 11/70.

    When SCO’s Unix, which had an IBM-compatible Cobol compiler available, became available I installed on PC and over time converted our Cobol development folks to compile, debug, test on the PCs and then install on mainframe through the PDP 11/70 emulating 3270 terminal into mainframe, IIRC. Maybe by then it was a VAX 11/780.

    When Bourne’s shell came around it was a big boost for me – added a lot.

    Bill