Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Harvard researchers take aim at Shellshock-like woes with new scripting language

Joab Jackson | Sept. 26, 2014
While administrators scramble to fix the newly discovered Shellshock vulnerability, Harvard University researchers are putting the finishing touches on a scripting language built to mitigate the damage caused by such holes.

"It's dangerous because this Bash script that you created to generate a Web page can also be used to launch a new shell or exploit other vulnerabilities in the system," Moore said.

Shill would limit what can be done with any particular script. "Even if someone is able to inject some commands, they are still limited to the initial set of permissions that the script had in the beginning," Moore said.

In a way, Shill is similar to SE Linux, a National Security Agency technology embedded in Linux that is widely used to restrict what programs can do on a computer. SE Linux is used to establish a computerwide policy, while Shill confines the policies to the particular script executing the task, Moore said.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.