RFC: Removing file(1)+libmagic(3) from the base system

Julian Elischer julian at elischer.org
Thu May 24 00:55:31 UTC 2007


Colin Percival wrote:
> Poul-Henning Kamp wrote:
>> In message <46546E16.9070707 at freebsd.org>, Colin Percival writes:
>>> I'd like to remove file(1) and libmagic(3) from the FreeBSD base system
>>> for the following reasons:
>> One mitigating option would be to open the magic file and input
>> and sequester the file process in a jail.
> 
> Last time I checked, unprivileged processes couldn't jail themselves.  We
> could make file(1) setuid root and use a privilege separation approach,
> but I'm not convinced that would be a net win.

How about a bit in the headers of a program that is set by the Makefile?
If the bit is not set, then the ELF program executor sets a bit that
forbids exec from ever running.

How many programs actually need to be able to run exec?
The average exploit does an exec(/bin/sh).


> 
> Colin Percival