Harvard researchers take aim at Shellshock-like woes with new scripting language

The Shill scripting language limits the rights of shell programs to what is necessary to get the job done

Shellshock vulnerability test for Bash

Shellshock vulnerability test for Bash

While administrators scramble to fix the newly discovered Shellshock vulnerability, Harvard University researchers are putting the finishing touches on a scripting language built to mitigate the damage caused by such holes.

The language, called Shill, was designed to limit shell-based scripts so they can't access resources beyond what is specifically needed for the task at hand.

"You want to give the script exactly the permissions it needs to get its job done," said Scott Moore, a computer science doctoral student at Harvard who is one of the contributors to the Shill research project, led by Stephen Chong, an associate professor of computer science.

The team is working on a version of Shill for the FreeBSD Unix operating system and is mulling the idea of porting it to Linux. The team will also present the technology next week at the USENIX Symposium on Operating Systems Design and Implementation conference, in Broomfield, Colorado.

Shill follows the principle of least privilege, which stipulates that software shouldn't posses more authority than what it needs to complete its job, Moore said.

Unix-based systems, such as Linux and Apple's OS X, already come with rigorous permission systems, based on the user and any groups to which the user is assigned. The weakness in this approach is that any programs run by the user inherit all the permissions assigned to that user and that group.

"The idea of Shill is to give you control over what you want a program or script to access," Moore said. For instance, if someone writes a script for the Bash shell to work within a particular directory, then Shill can ensure the script can access only that directory and not all of the directories that the user can access. A shell is a user interface, either a graphical interface or, in Bash's case, a command line interface. A shell script is a set of commands, encapsulated in a file, that the shell understands and can execute automatically when the file is run by the operating system.

"Most scripting languages, such as Bash, don't give you a way to figure out what the script is going to do. Everything is buried inside the code," said Christos Dimoulas, a Harvard graduate student also on the development team. "Shill, in contrast, comes with specific interfaces that make it extremely easy to declare and enforce exactly what the script is going to do."

Shill received a bump in publicity as news of the Shellshock vulnerability roiled through the Linux system administrator community. Shill could be used to prevent Shellshock-like vulnerabilities, Moore said.

Shellshock is a command injection vulnerability, in which a malicious attacker could inject their own commands into a Bash shell script, giving permissions to do whatever the user of that script has permissions to do on that system.

"It's dangerous because this Bash script that you created to generate a Web page can also be used to launch a new shell or exploit other vulnerabilities in the system," Moore said.

Shill would limit what can be done with any particular script. "Even if someone is able to inject some commands, they are still limited to the initial set of permissions that the script had in the beginning," Moore said.

In a way, Shill is similar to SE Linux, a National Security Agency technology embedded in Linux that is widely used to restrict what programs can do on a computer. SE Linux is used to establish a computerwide policy, while Shill confines the policies to the particular script executing the task, Moore said.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags harvard universitysoftwaresystem management

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joab Jackson

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?