"It's dangerous because this Bash script that you created to generate a Web page can also be used to launch a new shell or exploit other vulnerabilities in the system," Moore said.
Shill would limit what can be done with any particular script. "Even if someone is able to inject some commands, they are still limited to the initial set of permissions that the script had in the beginning," Moore said.
In a way, Shill is similar to SE Linux, a National Security Agency technology embedded in Linux that is widely used to restrict what programs can do on a computer. SE Linux is used to establish a computerwide policy, while Shill confines the policies to the particular script executing the task, Moore said.
Sign up for Computerworld eNewsletters.