Shill: Scripting with Least Privilege

Shill is a scripting language designed to support the Principle of Least Privilege. Shill has three key security features:
  • capabilities, which control access to system resources,

  • contracts, which provide specifications for how scripts use capabilities, and

  • capability-based sandboxes, which allow scripts to securely invoke executables.

Shill has three main components: a capability-safe scripting language, an "ambient" scripting language for launching capability-safe scripts, and a Mandatory Access Control policy that enforces capability-based sandboxes. Currently, Shill runs on the FreeBSD operating system.

This manual includes instructions for installing Shill and documents the capability-safe and ambient scripting languages.

    1 Installation

      1.1 Quickstart

      1.2 Advanced Installation

        1.2.1 System requirements

        1.2.2 Kernel modifications

        1.2.3 Pre-requisites

        1.2.4 Installation

    2 Examples

      2.1 Copy

        2.1.1 Capability-safe script

        2.1.2 Ambient script

      2.2 Grep

        2.2.1 Capability-safe script

        2.2.2 Ambient script