4. Broadlinux | Linux of Things
The Origin of the Shell
“After having written dozens of commands for CTSS, I reached the stage
where I felt that commands should be usable as building blocks for writing
more commands, just like subroutine libraries”.
Louis Pouzin created for CTSS (The Compatible Time-Sharing System) a
command called RUNCOM, which executed a list of commands contained
in a file.
The idea of using commands somehow like a programming language,
makes him write a paper explaining how the Multics command language
could be designed with this objective. And he coined the word "shell" to
name it.
4
1964
|
RUNCOM
1963
|
Start
Multics
1965
|
Multics
shell
1977
|
Bourne shell
by Stephen Bourne
1971
|
V6 shell
1st UNIX Shell
by Ken Thompson
1969
|
Start
UNIX
1960s
|
CTSS
1991
|
LINUX
by Linus
Torvalds
5. Broadlinux | Linux of Things
ABOUT BOURNE-AGAIN SHELL
5
Go deeply inside BASH Shell
6. Broadlinux | Linux of Things
BASH Shell Architecture
Bash processing is much like a shell pipeline: after being read from the
terminal or a script, data is passed through a number of stages, transformed
at each step, until the shell finally executes a command and collects its
return status.
6
7. Broadlinux | Linux of Things
Shell Built-in Commands
These builtin commands are part of the shell, and are implemented as part
of the shell's source code to maintain or modify the shell's internal state.
The shell recognizes that the command that it was asked to execute was
one of its builtins, and it performs that action on its own, without calling out
to a separate executable.
Different shells have different builtins, though there will be a whole lot of
overlap in the basic set.
7
<>
$ echo $SHELL
/bin/bash
$ which printf
/usr/bin/printf
$ printf
printf: usage: printf [-v var] format [arguments]
$ /usr/bin/printf
/usr/bin/printf: missing operand
Try `/usr/bin/printf --help' for more information.
8. Broadlinux | Linux of Things
Simple Command Execution
Simple commands are the ones most commonly encountered.
When presented a command name that is not the name of a shell function
or builtin, bash searches the filesystem for an executable file with that name
The value of the PATH variable is used as a colon-separated list of directories in
which to search.
Command names containing slashes (or other directory separators) are not
looked up, but are executed directly.
If bash finds a file to execute, it forks and creates a new execution
environment, and executes the program in this new environment.
8
Shell
environment
Subshell
environment
I/O redirection
Spawns/fork
/sbin/chmod 777 foo
chmod(“foo”, 777)
10. Broadlinux | Linux of Things
Shellshock (AKA Bashdoor)
A family of security bugs in the widely used Unix Bash shell (< 4.3.028), the
first of which was disclosed on 24 September 2014.
Vulnerability in Bash executes trailing string after environment variable
definition
To exploit simply insert malicious commands as part of a string that will be
put in an environment variable given to Bash
Current exploits in the wild downloads rootkits, command and control
servers, DoS and download malware
Attack Vectors: HTTP, DHCP, SIP, FTP, SMTP, SSHD, OpenVPN, Reverse
DNS
10
11. Broadlinux | Linux of Things
BASH Injection via HTTP
Injection is an entire class of attacks that rely on injecting data into a web
application in order to facilitate the execution or interpretation of malicious
data in an unexpected manner.
11
abc
http://
<div>
<value>abc; cat /ect/passwd;</value>
</div>
system(“echo %s > /some_file”, value);
echo abc; cat /etc/passwd; > /some_file
1
2
3
lighthttpd
13. Broadlinux | Linux of Things
Reference
Introduction to the Unix shell history,
http://www.softpanorama.org/People/Shell_giants/introduction.shtml
The origin of the Shell, http://www.multicians.org/shell.html
Evolution of shells in Linux http://www.ibm.com/developerworks/library/l-linux-shells/
The Bourne-Again Shell, http://www.aosabook.org/en/bash.html
Explain Shell website, http://explainshell.com/
Unix, https://en.wikipedia.org/wiki/Unix
The IBM 7094 and CTSS, http://www.multicians.org/thvv/7094.html
What are built-in commands in linux,
http://stackoverflow.com/questions/3192373/what-are-shell-built-in-commands-in-
linux
Some nifty shell tricks, http://www.ibm.com/developerworks/aix/tutorials/au-unixtips4/
Shellshock Explained, http://learning.criticalwatch.com/shellshock/
Inside Shellshock, https://blog.cloudflare.com/inside-shellshock/
13