The historical story of Shell in UNIX

1. Quyen Le Van
23rd July 2015
Hanoi, Vietnam
Unix Shell Story

2. Broadlinux | Linux of Things
Agenda
 History of Shell
 About Bourne-Again Shell
 BASH Issues
2

3. Broadlinux | Linux of Things
HISTORY OF SHELL
3
The world before Shell

4. Broadlinux | Linux of Things
The Origin of the Shell
 “After having written dozens of commands for CTSS, I reached the stage
where I felt that commands should be usable as building blocks for writing
more commands, just like subroutine libraries”.
 Louis Pouzin created for CTSS (The Compatible Time-Sharing System) a
command called RUNCOM, which executed a list of commands contained
in a file.
 The idea of using commands somehow like a programming language,
makes him write a paper explaining how the Multics command language
could be designed with this objective. And he coined the word "shell" to
name it.
4
1964
|
RUNCOM
1963
|
Start
Multics
1965
|
Multics
shell
1977
|
Bourne shell
by Stephen Bourne
1971
|
V6 shell
1st UNIX Shell
by Ken Thompson
1969
|
Start
UNIX
1960s
|
CTSS
1991
|
LINUX
by Linus
Torvalds

5. Broadlinux | Linux of Things
ABOUT BOURNE-AGAIN SHELL
5
Go deeply inside BASH Shell

6. Broadlinux | Linux of Things
BASH Shell Architecture
 Bash processing is much like a shell pipeline: after being read from the
terminal or a script, data is passed through a number of stages, transformed
at each step, until the shell finally executes a command and collects its
return status.
6

7. Broadlinux | Linux of Things
Shell Built-in Commands
 These builtin commands are part of the shell, and are implemented as part
of the shell's source code to maintain or modify the shell's internal state.
 The shell recognizes that the command that it was asked to execute was
one of its builtins, and it performs that action on its own, without calling out
to a separate executable.
 Different shells have different builtins, though there will be a whole lot of
overlap in the basic set.
7
<>
$ echo $SHELL
/bin/bash
$ which printf
/usr/bin/printf
$ printf
printf: usage: printf [-v var] format [arguments]
$ /usr/bin/printf
/usr/bin/printf: missing operand
Try `/usr/bin/printf --help' for more information.

8. Broadlinux | Linux of Things
Simple Command Execution
 Simple commands are the ones most commonly encountered.
 When presented a command name that is not the name of a shell function
or builtin, bash searches the filesystem for an executable file with that name
 The value of the PATH variable is used as a colon-separated list of directories in
which to search.
 Command names containing slashes (or other directory separators) are not
looked up, but are executed directly.
 If bash finds a file to execute, it forks and creates a new execution
environment, and executes the program in this new environment.
8
Shell
environment
Subshell
environment
I/O redirection
Spawns/fork
/sbin/chmod 777 foo
chmod(“foo”, 777)

9. Broadlinux | Linux of Things
BASH ISSUES
9
Weakness of BASH Shell

10. Broadlinux | Linux of Things
Shellshock (AKA Bashdoor)
 A family of security bugs in the widely used Unix Bash shell (< 4.3.028), the
first of which was disclosed on 24 September 2014.
 Vulnerability in Bash executes trailing string after environment variable
definition
 To exploit simply insert malicious commands as part of a string that will be
put in an environment variable given to Bash
 Current exploits in the wild downloads rootkits, command and control
servers, DoS and download malware
 Attack Vectors: HTTP, DHCP, SIP, FTP, SMTP, SSHD, OpenVPN, Reverse
DNS
10

11. Broadlinux | Linux of Things
BASH Injection via HTTP
 Injection is an entire class of attacks that rely on injecting data into a web
application in order to facilitate the execution or interpretation of malicious
data in an unexpected manner.
11
abc
http://
<div>
<value>abc; cat /ect/passwd;</value>
</div>
system(“echo %s > /some_file”, value);
echo abc; cat /etc/passwd; > /some_file
1
2
3
lighthttpd

12. Copyright© 2014 DASAN Networks, Inc.
”It became possible to go home in the evening while
leaving behind long runcoms executing overnight.”
LOUIS POUZIN
1931, France

13. Broadlinux | Linux of Things
Reference
 Introduction to the Unix shell history,
http://www.softpanorama.org/People/Shell_giants/introduction.shtml
 The origin of the Shell, http://www.multicians.org/shell.html
 Evolution of shells in Linux http://www.ibm.com/developerworks/library/l-linux-shells/
 The Bourne-Again Shell, http://www.aosabook.org/en/bash.html
 Explain Shell website, http://explainshell.com/
 Unix, https://en.wikipedia.org/wiki/Unix
 The IBM 7094 and CTSS, http://www.multicians.org/thvv/7094.html
 What are built-in commands in linux,
http://stackoverflow.com/questions/3192373/what-are-shell-built-in-commands-in-
linux
 Some nifty shell tricks, http://www.ibm.com/developerworks/aix/tutorials/au-unixtips4/
 Shellshock Explained, http://learning.criticalwatch.com/shellshock/
 Inside Shellshock, https://blog.cloudflare.com/inside-shellshock/
13

14. Broadlinux | Linux of Things 14
Thank you!