RFC: Removing file(1)+libmagic(3) from the base system
M. Warner Losh
imp at bsdimp.com
Wed May 23 22:06:36 UTC 2007
In message: <465482BA.4050607 at freebsd.org>
Colin Percival <cperciva at freebsd.org> writes:
: Garrett Wollman wrote:
: > In article <mit.lcs.mail.freebsd-arch/46546E16.9070707 at freebsd.org> you write:
: >> FreeBSD architects and file(1) maintainer,
: >> 3. Due to its nature as a program which parses multiple data formats, it
: >> poses an unusually high risk of having security problems in the future
: >> (cf. ethereal/wireshark).
: >
: > And this doesn't apply to, say, awk(1)?
:
: Eh? Unless I'm seriously confused, awk doesn't parse any data formats...
It handles arbitrary data from potentially hostile sources as well.
But only when the users asks it to do so...
Warner
More information about the freebsd-arch
mailing list