Joab Jackson at PC World reports:
While administrators scramble to fix the newly discovered Shellshock vulnerability, Harvard University researchers are putting the finishing touches on a scripting language built to mitigate the damage caused by such holes.
The language, called Shill, was designed to limit shell-based scripts so they can’t access resources beyond what is specifically needed for the task at hand.
“You want to give the script exactly the permissions it needs to get its job done,” said Scott Moore, a computer science doctoral student at Harvard who is one of the contributors to the Shill research project, led by Stephen Chong, an associate professor of computer science.
The team is working on a version of Shill for the FreeBSD Unix operating system and is mulling the idea of porting it to Linux. The team will also present the technology next week at the USENIX Symposium on Operating Systems Design and Implementation conference, in Broomfield, Colorado.
(Score: 4, Insightful) by cafebabe on Saturday September 27 2014, @11:42AM
It is an interesting concept to provide capabilities (split privileges) in a script interpreter. However, I was hoping that Shellshock would spur interest in capabilities at the level of an Operating System. For example, dhclient requires privileges to modify the routing table. It does not require privileges to execute rm -rf /*
1702845791×2
(Score: 4, Insightful) by present_arms on Saturday September 27 2014, @11:54AM
Luckily I don't use DHClient or HTTP or SSH :D I do have bash updated though :)
http://trinity.mypclinuxos.com/
(Score: 3, Insightful) by Anonymous Coward on Saturday September 27 2014, @12:00PM
Look how well permissions/privileges/capabilities/whatever-the-fuck-you-want-to-call-them have worked on Android: not very well at all. Apps will ask for or require more than they actually probably legitimately need. Users will want to use the app, so they'll grant it whatever rights it wants, security be damned! It's a friggin' disaster!
(Score: 5, Informative) by cafebabe on Saturday September 27 2014, @12:55PM
I've made my position clear about app permissions being ineffective in the context of social network peer pressure [soylentnews.org] and also providing fake I/O or reduced accuracy to intrusive apps [soylentnews.org]. Some privilege separation occurs with apps. For example, on some platforms, each installed app has a separate Unix UID [stackoverflow.com]. However, too many features on too many platforms depend upon a miscellaneous root privilege. So, it does not invalidate the concern that elevated privileges to modify a routing table should not be conflated with elevated privileges to modify a filing system.
1702845791×2
(Score: 4, Interesting) by frojack on Saturday September 27 2014, @06:38PM
> privileges to modify a routing table should not be conflated with elevated privileges to modify a filing system.
Except that in 'nix, everything is (mapped as) a file.
Still, this isn't about Android, which doesn't run bash, it's about any random 'nix system which does. There are already a bunch of alternative shells, even something called rbash (which is symlinked to bash unfortunately) that provide this type of restriction on what can be done.
Ultimately, what everyone had done is simply scanned the codebase for calls to bash, and assumed each of them is a vulnerability. That is not true. Just because dhclient needs to adjust the routing table does not mean that you can pass a bogus line of random code and it will dutifully attempt to use that. The people who wrote dhclient are not the same idiots as people who wrote web servers. No one has demonstrated a bash related exploit via anything but a web server at this point.
No, you are mistaken. I've always had this sig.
(Score: 1, Insightful) by Anonymous Coward on Saturday September 27 2014, @11:51AM
Security is important, but computers also need to be able to work for people. This is where so many security folks get it really damn wrong. Their ideas have a reasonable basis, and the software or techniques provide a useful outcome, but then they're usually goddamn inconvenient to use. The only security ideas that get good traction are the ones that are relatively simple and non-intrusive, like UNIX file permissions and SSL/TLS. Beyond that and people just end up not using them, or actively find ways to bypass or disable them.
A secure scripting language is a great idea, but it needs to be convenient to use. Scripters aren't going to use this scripting language if it means they can't do exactly what they need to do right away, even if some security is lost.
(Score: 0) by Anonymous Coward on Saturday September 27 2014, @02:53PM
> Beyond that and people just end up not using them, or actively find ways to bypass or disable them.
Bingo. Bad security is about locking shit down. Good security is about making it easy to do the right thing.
(Score: 0, Offtopic) by Anonymous Coward on Saturday September 27 2014, @11:53AM
This sounds great, but how is it going to deal with the systemd problem? Systemd is the biggest threat that infects, or is going to soon infect, many Linux systems. A relatively small bug in some obscure bash functionality is one thing, but systemd takes it to a whole new level! How is this scripting language going to get systemd out of the picture?
(Score: 2, Informative) by Anonymous Coward on Saturday September 27 2014, @01:00PM
http://www.debianuserforums.org/viewtopic.php?f=12&t=3031 [debianuserforums.org]
Mullings of a debian fork...
(Score: 0) by Anonymous Coward on Saturday September 27 2014, @01:10PM
Holy shit. This is big news, and good news. I just can't believe how much destruction systemd manages to bring anywhere it goes. It has helped kill the GNOME project. It has severely screwed up Fedora, and will kill Ubuntu and Debian.
(Score: 2, Interesting) by Anonymous Coward on Saturday September 27 2014, @01:23PM
Spread the news please. Many people are needed, separate repos, and experience.
It won't happen without all of us.
We need a community distro again. Debian proper is in the hands of redhat and canonical employees/associates.
All dissent is banned on their mailing lists and regular forums.
Please spread the word.
(Score: 3, Insightful) by Hairyfeet on Saturday September 27 2014, @09:08PM
It does bring up an interesting thing though, which is ultimately of greater benefit to the end users...a meritocracy where those at the top obviously have contempt and scorn of the end users (because ultimately they are beholden to the corps that pay the bills NOT the end users who pay $0) or the corporate model where the end user can at least "vote with their wallet" and cause actual harm to those that do not listen? Because at least from where I sit it looks like the Windows end users have more power to effect change than the Linux users do, if enough people vote with their wallets sales of Windows tank, bad press builds, stock price goes down, building further bad press...we saw this work very well with the killing of Metro. Contrast this with what is going on with Linux, where the users have gotten banned and posts deleted and the big distros are making it clear they really do not care what the end users want. At the end of the day the distros are NOT supported by the end users, they are supported by the server sales and support contracts, so how can users effect change? From the looks of it short of writing their own OS they really can't.
BTW if you are REALLY gonna try to fork the OS away from them you are gonna need a catchphrase, something to rally the troops behind like "fuck beta" did for the creation of this site and never let it be said that old hairy doesn't stand for the users against corporate douchebaggery so let me give ya one that is simple, catchy, and to the point..
Systemd..it's the Metro of Linux!
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 0) by Anonymous Coward on Saturday September 27 2014, @10:26PM
The parent shouldn't be modded 0, Offtopic. Systemd is one of the most on-topic things in any discussion about any topic.
(Score: 4, Funny) by LookIntoTheFuture on Saturday September 27 2014, @11:54AM
> The team is working on a version of Shill for the FreeBSD Unix operating system and is mulling the idea of porting it to Linux.
Why bother? Eventually systemd will absorb it anyway.
(Score: 1, Insightful) by Anonymous Coward on Saturday September 27 2014, @12:50PM
s/absorb/fork and redesign (badly)/
Imagine *shudders*
(Score: 2) by Marand on Saturday September 27 2014, @12:54PM
Absorb which? FreeBSD, Unix, Shill, or Linux?
(Answer: yes)
(Score: 0) by Anonymous Coward on Saturday September 27 2014, @12:49PM
Why bother? Bash users use Linux.
# uname
FreeBSD
# grep bash /etc/passwd | wc -l
0
#
(Score: 4, Insightful) by doublerot13 on Saturday September 27 2014, @01:47PM
Only Harvard would see wisdom in creating a new language full of bugs in order to kill one bug in an old stable one.
(Score: 0) by Anonymous Coward on Saturday September 27 2014, @01:59PM
Can you show us an example of a new bug in this software?
(Score: 0) by Anonymous Coward on Saturday September 27 2014, @02:11PM
Can you prove to them that it has no more bugs than bash/zsh/ksh/etc?
See how pointless your troll comment was now?
New languages are always less tested and bug free than old stable languages. This is common sense to any experienced programmer.
(Score: 0) by Anonymous Coward on Saturday September 27 2014, @02:20PM
> See how pointless your troll comment was now?
Calm down. Running scripts in sandboxes is an interesting idea, an approach that I expect will be widely adopted eventually, although Shill may or may not be the winner in the race.
(Score: 0) by Anonymous Coward on Saturday September 27 2014, @02:31PM
Scripts don't have to be sandboxed. They follow the same permissions model and everything else in the OS. If you don't want it to have root priv, don't run it as root. Pretty simple, no?
(Score: 0) by Anonymous Coward on Saturday September 27 2014, @02:53PM
Sigh. When you're a Unix guy, the world looks like -rwxrwxrwx.
People don't want executables downloaded from an untrusted source to have all the same rights as a non-root user, though.
(Score: 1) by pnkwarhall on Saturday September 27 2014, @08:45PM
**Obviously in practice this is probably easier said than done, with complicated scripts needing access to many resources. Maybe this is the issue being referred to. As it stands, I'm off to read about ShellShock!
Lift Yr Skinny Fists Like Antennas to Heaven
(Score: 0) by Anonymous Coward on Saturday September 27 2014, @07:37PM
He said it was "a new language full of bugs". So the least he can do is provide links to bug reports of some sort.
Look, this isn't reddit. We don't just make unsubstantiated claims here. We back up our claims with real evidence. He needs to provide proof for his allegations.
(Score: 0) by Anonymous Coward on Saturday September 27 2014, @10:36PM
All software projects go through alpha and beta testing before release because of the reality that bugs exist in anything new and untested. This is software engineering 101. You and your friend have to know at least this. If you seek evidence of this look at Apple's iOS8 release(s), and the subsequent bricking of phones due to inadequate testing...and before that Windows Phone bricking, and on and on.
(Score: -1, Flamebait) by Anonymous Coward on Sunday September 28 2014, @01:18AM
Cut this vague crap. He and you need to give us direct links to these bug reports, or you guys need to apologize. We deal in facts, no idle speculation. Give us facts, or give us apologies. Now.
(Score: 2) by LookIntoTheFuture on Sunday September 28 2014, @02:25AM
> Cut this vague crap. He and you need to give us direct links to these bug reports, or you guys need to apologize. We deal in facts, no idle speculation. Give us facts, or give us apologies. Now.
Who do you think you are?
(Score: 0) by Anonymous Coward on Sunday September 28 2014, @03:22AM
I'm somebody who wants you fools to provide some goddamn links to the goddamn bug reports for the goddamn bugs you fools keep claiming exist!
Like I said, cut the crap. Give us the links or shut the hell up. Don't make allegations if you can't prove them.
(Score: 2) by LookIntoTheFuture on Sunday September 28 2014, @05:38AM
Personal attacks are a great way to get what you want. Especially on the internet.
(Score: 0) by Anonymous Coward on Sunday September 28 2014, @11:36AM
I'm still not seeing any links to the bug reports. Get on it, please. Provide us proof that these bugs actually exist, or retract your false allegations.
(Score: 3, Interesting) by darkfeline on Sunday September 28 2014, @02:29AM
shill
noun
1. an accomplice of a hawker, gambler, or swindler who acts as an enthusiastic customer to entice or encourage others. "a megamillionaire who makes more money as a shill for corporate products than he does for playing basketball"
verb
1. act or work as a shill.
Join the SDF Public Access UNIX System today!