Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Unix shell story


Published on

The historical story of Shell in UNIX

Published in: Software
  • Be the first to comment

  • Be the first to like this

Unix shell story

  1. 1. Quyen Le Van 23rd July 2015 Hanoi, Vietnam Unix Shell Story
  2. 2. Broadlinux | Linux of Things Agenda  History of Shell  About Bourne-Again Shell  BASH Issues 2
  3. 3. Broadlinux | Linux of Things HISTORY OF SHELL 3 The world before Shell
  4. 4. Broadlinux | Linux of Things The Origin of the Shell  “After having written dozens of commands for CTSS, I reached the stage where I felt that commands should be usable as building blocks for writing more commands, just like subroutine libraries”.  Louis Pouzin created for CTSS (The Compatible Time-Sharing System) a command called RUNCOM, which executed a list of commands contained in a file.  The idea of using commands somehow like a programming language, makes him write a paper explaining how the Multics command language could be designed with this objective. And he coined the word "shell" to name it. 4 1964 | RUNCOM 1963 | Start Multics 1965 | Multics shell 1977 | Bourne shell by Stephen Bourne 1971 | V6 shell 1st UNIX Shell by Ken Thompson 1969 | Start UNIX 1960s | CTSS 1991 | LINUX by Linus Torvalds
  5. 5. Broadlinux | Linux of Things ABOUT BOURNE-AGAIN SHELL 5 Go deeply inside BASH Shell
  6. 6. Broadlinux | Linux of Things BASH Shell Architecture  Bash processing is much like a shell pipeline: after being read from the terminal or a script, data is passed through a number of stages, transformed at each step, until the shell finally executes a command and collects its return status. 6
  7. 7. Broadlinux | Linux of Things Shell Built-in Commands  These builtin commands are part of the shell, and are implemented as part of the shell's source code to maintain or modify the shell's internal state.  The shell recognizes that the command that it was asked to execute was one of its builtins, and it performs that action on its own, without calling out to a separate executable.  Different shells have different builtins, though there will be a whole lot of overlap in the basic set. 7 <> $ echo $SHELL /bin/bash $ which printf /usr/bin/printf $ printf printf: usage: printf [-v var] format [arguments] $ /usr/bin/printf /usr/bin/printf: missing operand Try `/usr/bin/printf --help' for more information.
  8. 8. Broadlinux | Linux of Things Simple Command Execution  Simple commands are the ones most commonly encountered.  When presented a command name that is not the name of a shell function or builtin, bash searches the filesystem for an executable file with that name  The value of the PATH variable is used as a colon-separated list of directories in which to search.  Command names containing slashes (or other directory separators) are not looked up, but are executed directly.  If bash finds a file to execute, it forks and creates a new execution environment, and executes the program in this new environment. 8 Shell environment Subshell environment I/O redirection Spawns/fork /sbin/chmod 777 foo chmod(“foo”, 777)
  9. 9. Broadlinux | Linux of Things BASH ISSUES 9 Weakness of BASH Shell
  10. 10. Broadlinux | Linux of Things Shellshock (AKA Bashdoor)  A family of security bugs in the widely used Unix Bash shell (< 4.3.028), the first of which was disclosed on 24 September 2014.  Vulnerability in Bash executes trailing string after environment variable definition  To exploit simply insert malicious commands as part of a string that will be put in an environment variable given to Bash  Current exploits in the wild downloads rootkits, command and control servers, DoS and download malware  Attack Vectors: HTTP, DHCP, SIP, FTP, SMTP, SSHD, OpenVPN, Reverse DNS 10
  11. 11. Broadlinux | Linux of Things BASH Injection via HTTP  Injection is an entire class of attacks that rely on injecting data into a web application in order to facilitate the execution or interpretation of malicious data in an unexpected manner. 11 abc http:// <div> <value>abc; cat /ect/passwd;</value> </div> system(“echo %s > /some_file”, value); echo abc; cat /etc/passwd; > /some_file 1 2 3 lighthttpd
  12. 12. Copyright© 2014 DASAN Networks, Inc. ”It became possible to go home in the evening while leaving behind long runcoms executing overnight.” LOUIS POUZIN 1931, France
  13. 13. Broadlinux | Linux of Things Reference  Introduction to the Unix shell history,  The origin of the Shell,  Evolution of shells in Linux  The Bourne-Again Shell,  Explain Shell website,  Unix,  The IBM 7094 and CTSS,  What are built-in commands in linux, linux  Some nifty shell tricks,  Shellshock Explained,  Inside Shellshock, 13
  14. 14. Broadlinux | Linux of Things 14 Thank you!