method scripts language choice

John (J5) Palmieri johnp at redhat.com
Tue Feb 14 12:58:42 PST 2006


On Tue, 2006-02-14 at 11:31 -0800, Artem Kachitchkine wrote:
> I get this schizophrenic vibe about these scripts: they are not pretty, 
> certainly not trivial, so the only reasons I can think of for using 
> shell are:
> 
> 1. allow admins tweak them; or
> 2. it's an interim solution, will be rewritten in C.

I doubt they would be rewritten in C. Perl, Python, you take your pick
would be better but so far they have been written in bash.

> The former doesn't seem like a good administration interface - we want 
> any customization to be done data-driven via gconf/whatever, not 
> code-driven.

Admins tweaking them isn't the issue.  Allowing admins to write their
own handlers sounds good though.

> Another concern is that these scripts are on the line of attack. As far 
> as I can tell, securing shell code secure is harder than C code and a 
> few security experts I mentioned "shell scripts run as root by a daemon" 
> to invariably go "Ewww".

I guess init.d sucks then.  Well actually it does but not for that
reason.  C is much harder to get right though shell does make it easier
to be sloppy.  Trade offs.  Nothing is perfect.  The biggest problem
with scripts is to make sure we hard code paths to all the commands.
BTW most of the scripts simply check a couple of things then exec
another script or app.

-- 
John (J5) Palmieri <johnp at redhat.com>



More information about the hal mailing list