Unix shell story

Quyen Le Van, 23rd July 2015, Hanoi, Vietnam


Page 1: Unix shell story

Quyen Le Van
23rd July 2015
Hanoi, Vietnam

Unix Shell Story

Page 2: Unix shell story

Broadlinux | Linux of Things

Agenda

History of Shell
About Bourne-Again Shell
BASH Issues


Page 3: Unix shell story


HISTORY OF SHELL


The world before Shell

Page 4: Unix shell story


The Origin of the Shell

“After having written dozens of commands for CTSS, I reached the stage where I felt that commands should be usable as building blocks for writing more commands, just like subroutine libraries”.

Louis Pouzin created for CTSS (The Compatible Time-Sharing System) a command called RUNCOM, which executed a list of commands contained in a file.

The idea of using commands somewhat like a programming language led him to write a paper explaining how the Multics command language could be designed with this objective. He coined the word "shell" to name it.


Timeline:

1960s: CTSS
1963: Start Multics
1964: RUNCOM
1965: Multics shell
1969: Start UNIX
1971: V6 shell, 1st UNIX Shell, by Ken Thompson
1977: Bourne shell by Stephen Bourne
1991: LINUX by Linus Torvalds

Page 5: Unix shell story


ABOUT BOURNE-AGAIN SHELL


Go deeply inside BASH Shell

Page 6: Unix shell story


BASH Shell Architecture

Bash processing is much like a shell pipeline: after being read from the terminal or a script, data is passed through a number of stages, transformed at each step, until the shell finally executes a command and collects its return status.


Page 7: Unix shell story


Shell Built-in Commands

These builtin commands are part of the shell, and are implemented as part of the shell's source code to maintain or modify the shell's internal state.

The shell recognizes that the command that it was asked to execute was one of its builtins, and it performs that action on its own, without calling out to a separate executable.

Different shells have different builtins, though there will be a whole lot of overlap in the basic set.


$ echo $SHELL
/bin/bash

$ which printf
/usr/bin/printf

$ printf
printf: usage: printf [-v var] format [arguments]

$ /usr/bin/printf
/usr/bin/printf: missing operand
Try `/usr/bin/printf --help' for more information.

Page 8: Unix shell story


Simple Command Execution

Simple commands are the ones most commonly encountered.

When presented with a command name that is not the name of a shell function or builtin, bash searches the filesystem for an executable file with that name.

The value of the PATH variable is used as a colon-separated list of directories in which to search.

Command names containing slashes (or other directory separators) are not looked up, but are executed directly.

If bash finds a file to execute, it forks and creates a new execution environment, and executes the program in this new environment.


Figure labels: Shell environment; spawns/fork; Subshell environment; I/O redirection; /sbin/chmod 777 foo; chmod("foo", 0777)
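The lookup and fork/exec steps described on this slide, as an added C example that is not from the original deck and is not bash's own code. It covers only the filesystem search (no functions, builtins or hashing); the sample PATH and the `sh -c "exit 7"` command are constructed, and the 126/127 results mirror the shell's usual exit codes.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
static int is_executable(const char *f)      /* regular file we may execute? */
{
    struct stat st;
    return stat(f, &st) == 0 && S_ISREG(st.st_mode) && access(f, X_OK) == 0;
}

/* Lookup rule from the slide: a name containing '/' is used as given;
 * otherwise each colon-separated PATH entry is tried in order. */
int resolve_command(const char *name, const char *path, char *out, size_t n)
{
    if (strchr(name, '/'))                   /* no PATH search */
        return (size_t)snprintf(out, n, "%s", name) < n && is_executable(out) ? 0 : -1;
    for (const char *p = path; p; ) {
        const char *end = strchr(p, ':');
        int len = end ? (int)(end - p) : (int)strlen(p);
        /* Empty entry = current directory: a stray ':' lets ./name shadow a command. */
        int w = len ? snprintf(out, n, "%.*s/%s", len, p, name)
                    : snprintf(out, n, "./%s", name);
        if (w > 0 && (size_t)w < n && is_executable(out)) return 0;
        p = end ? end + 1 : NULL;
    }
    return -1;
}

/* Fork, exec the resolved file in the child, collect its exit status. */
int run_simple_command(char *const argv[], const char *path)
{
    char file[4096];
    if (resolve_command(argv[0], path, file, sizeof file) != 0) return 127;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                          /* child: new execution environment */
        execv(file, argv);
        _exit(126);                          /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : 128 + WTERMSIG(status);
}

int main(void)
{
    char *argv[] = { "sh", "-c", "exit 7", NULL };   /* constructed sample command */
    return run_simple_command(argv, "/nonexistent:/bin:/usr/bin") == 7 ? 0 : 1;
}
```

Because the first matching PATH entry wins, a writable or empty entry placed ahead of the system directories decides which file runs.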

Page 9: Unix shell story


BASH ISSUES


Weakness of BASH Shell

Page 10: Unix shell story


Shellshock (AKA Bashdoor)

A family of security bugs in the widely used Unix Bash shell (< 4.3.028), the first of which was disclosed on 24 September 2014.

The vulnerability makes Bash execute the trailing string after an environment variable definition.

To exploit it, malicious commands are simply inserted as part of a string that will be put in an environment variable given to Bash.

Exploits currently in the wild: rootkit downloads, command-and-control servers, DoS and malware downloads.

Attack vectors: HTTP, DHCP, SIP, FTP, SMTP, SSHD, OpenVPN, Reverse DNS


Page 11: Unix shell story


BASH Injection via HTTP

Injection is an entire class of attacks that rely on injecting data into a web application in order to facilitate the execution or interpretation of malicious data in an unexpected manner.


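Figure: injection through the web server (lighttpd), steps 1 to 3.

Expected value: abc
Value sent over http://: <div> <value>abc; cat /etc/passwd;</value></div>
Server code: system("echo %s > /some_file", value);
Command the shell receives: echo abc; cat /etc/passwd; > /some_file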
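The vulnerable pattern from this slide beside a hardened form, as an added C example that is not from the original deck. The real `system()` takes a single string, so the command is formatted first; the function names, the allowlisted character set and the output path `some_file_demo.txt` are assumptions made for the illustration.

```c
#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* VULNERABLE pattern from the slide: the value is pasted into a command line.
 * Only the string that system() would pass to /bin/sh -c is built here, so
 * the injected command is visible without being run. */
int build_command_vulnerable(const char *value, char *cmd, size_t n)
{
    int w = snprintf(cmd, n, "echo %s > /some_file", value);
    return (w > 0 && (size_t)w < n) ? 0 : -1;
}

/* Allowlist check; the permitted set (letters, digits, '_', '-', '.') is an
 * assumption about what the field legitimately needs. */
int value_is_allowed(const char *value)
{
    if (*value == '\0') return 0;
    for (const unsigned char *p = (const unsigned char *)value; *p; p++)
        if (!isalnum(*p) && !strchr("_-.", *p)) return 0;
    return 1;
}

/* HARDENED: no shell. The value is written as plain bytes, so ';', '|', '$'
 * and backticks are stored, never interpreted. Returns 0 on success. */
int store_value_hardened(const char *path, const char *value)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    size_t len = strlen(value);
    int ok = write(fd, value, len) == (ssize_t)len && write(fd, "\n", 1) == 1;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

int main(void)
{
    const char *value = "abc; cat /etc/passwd;";   /* value shown on the slide */
    char cmd[256];
    if (build_command_vulnerable(value, cmd, sizeof cmd) != 0) return 1;
    printf("sh -c would receive: %s\n", cmd);
    printf("passes allowlist: %d\n", value_is_allowed(value));
    return store_value_hardened("some_file_demo.txt", value);  /* hypothetical path */
}
```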

Page 12: Unix shell story

Copyright© 2014 DASAN Networks, Inc.

“It became possible to go home in the evening while leaving behind long runcoms executing overnight.”

LOUIS POUZIN
1931, France


Page 14: Unix shell story


Thank you!