WDYM by secure?

[mmlb]

The readme's first line states

Have you ever wished your shell scripts could be faster, more portable, and secure?

What do you mean by secure? Does bunster intend to avoid bash footguns (i.e. error handling, quotes...) or something else?

[yassinebenaid]

More secure doesn't mean the program itself is secure. May be it is, it's compiled to a binary, no one can read it, hence, it is unpredictable.

More secure means the environment is secure. Because bunster builds static binaries that don't depend on any shell. You can safely use them in an environment where the shell doesn't exist. For example, some people prefer to disable or even remove the shell in cloud servers.

regarding the problem with quoting. The answer is yes.

Bunster will try to improve how certain operations are applied. to avoid the bottlneck of quotes.

[mmlb]

Gotcha thanks for the info, a few notes:

More secure doesn't mean the program itself is secure. May be it is, it's compiled to a binary, no one can read it, hence, it is unpredictable.

Security through obscurity is not secure.

More secure means the environment is secure. Because bunster builds static binaries that don't depend on any shell. You can safely use them in an environment where the shell doesn't exist. For example, some people prefer to disable or even remove the shell in cloud servers.

I would describe this as portable instead.

regarding the problem with quoting. The answer is yes.

Bunster will try to improve how certain operations are applied. to avoid the bottlneck of quotes.

Good to hear, though now it seems like we're talking about a bash dialect instead (which is very much wanted I would think). It would be great to see this in the README.

[yassinebenaid]

Security through obscurity is not secure.

May be for the user who wrote the code. But, for others, it is indeed security. In many cases, if you have a script in a server, if someone gained access to the server, they can read the script. But that's not true if the script is binary.

I would describe this as portable instead.

Nop, it is security. I don't mean that they can run the program without a shell, that's true though, But it's not what I meant. I mean that in some cases, people intentionally remove or disable the shell on cloud servers due to security risks that they bring. In such cases, they cannot run scripts on the server, so they fallback to using other languages. This is what bunster solves.

Good to hear, though now it seems like we're talking about a bash dialect instead (which is very much wanted I would think). It would be great to see this in the README.

Yep, will do soon. I just need to confirm which operations to alter. I don't want to break compatibility with bash. unless it worth it.

[matthewpersico]

Security through obscurity is not secure.

May be for the user who wrote the code. But, for others, it is indeed security. In many cases, if you have a script in a server, if someone gained access to the server, they can read the script. But that's not true if the script is binary.

Because no one can reverse engineer a binary? Don’t be so sure. It is much more secure than a text file. But not completely secure.

[yassinebenaid]

Totally agree. It's possible to reverse engineer the binary. Not easy but possible. But I think we're OK with the level of security provided at the moment.

Also, as stated before, we're more interested in securing the environment than the program itself. If the shell doesn't exist. That is enough to save us from a lot of vulnerabilities.

And again, security is not the only thing bunster offers. While it is an important aspect. it's just one of many features.