Story 2014-09-26 2SYV Bash vulnerabilities got you down? Harvard researchers propose: "Shill"

in code on (#2SYV)
The worm and/or vulnerability they're now calling "Shellshock" has soured sysadmins on the Bash shell for the moment, and brought attention to a new point of entry for web-based server penetration attacks. Fortunately some researchers at Harvard have been thinking about problems like this and have come up with a solution.
It's a new scripting language called "Shill" and it's intended to limit the resources and privileges scripts have when running.
The language, called Shill, was designed to limit shell-based scripts so they can't access resources beyond what is specifically needed for the task at hand. "You want to give the script exactly the permissions it needs to get its job done," said Scott Moore, a computer science doctoral student at Harvard who is one of the contributors to the Shill research project, led by Stephen Chong, an associate professor of computer science.

The team is working on a version of Shill for the FreeBSD Unix operating system and is mulling the idea of porting it to Linux. The team will also present the technology next week at the USENIX Symposium on Operating Systems Design and Implementation conference, in Broomfield, Colorado. Shill follows the principle of least privilege, which stipulates that software shouldn't possess more authority than what it needs to complete its job, Moore said.
Sounds like this might be useful for more reasons than simple exploit prevention, too!

Reinventing the wheel (Score: 2, Insightful)

by on 2014-09-26 13:30 (#2SYY)

Isn't this the whole point of SELinux, AppArmor and a host of other security policy enforcement systems we already have? It's already enough of a challenge organizing/debugging the interaction between the current layers of enforcement, without adding yet another one.

Sounds like systrace... (Score: 2, Interesting)

by on 2014-09-26 14:58 (#2SZ0)

From the description, I can't see how this is different from the old Systrace program:

And if you will recall, that ended suddenly, in tears: