
SoylentNews is people

posted by n1 on Saturday September 27 2014, @11:05AM
from the shill-adds-value dept.

Joab Jackson at PC World reports:

While administrators scramble to fix the newly discovered Shellshock vulnerability, Harvard University researchers are putting the finishing touches on a scripting language built to mitigate the damage caused by such holes.

The language, called Shill, was designed to limit shell-based scripts so they can’t access resources beyond what is specifically needed for the task at hand.

“You want to give the script exactly the permissions it needs to get its job done,” said Scott Moore, a computer science doctoral student at Harvard who is one of the contributors to the Shill research project, led by Stephen Chong, an associate professor of computer science.

The team is working on a version of Shill for the FreeBSD Unix operating system and is mulling the idea of porting it to Linux. The team will also present the technology next week at the USENIX Symposium on Operating Systems Design and Implementation conference, in Broomfield, Colorado.

 
  • (Score: 0) by Anonymous Coward on Saturday September 27 2014, @02:53PM (#98911)

    Sigh. When you're a Unix guy, the world looks like -rwxrwxrwx.

    People don't want executables downloaded from an untrusted source to have all the same rights as a non-root user, though.

  • (Score: 1) by pnkwarhall (4558) on Saturday September 27 2014, @08:45PM (#98976)

    It's not root vs non-root -- all non-root users are not equivalent. You can give a user any permissions you want, down to permission to 'rwx' to one directory, or a collection of specified directories. I think that seems like a pretty simple (i.e. easy to use and understand) "sandboxing" method. IANA Unix Expert (and don't know jack about Windows permissions) -- so please respond in an educational way -- but creating a user that has access to only the directories it needs (and having the script run as that user) seems like a simple-enough solution**.

    **Obviously in practice this is probably easier said than done, with complicated scripts needing access to many resources. Maybe this is the issue being referred to. As it stands, I'm off to read about ShellShock!
    --
    Lift Yr Skinny Fists Like Antennas to Heaven