RFC: Removing file(1)+libmagic(3) from the base system
Colin Percival
cperciva at freebsd.org
Thu May 24 07:02:18 UTC 2007
Kris Kennaway wrote:
> What is the threat you are defending against here: "Admin runs file(1)
> on untrusted binary"?
Yes, or "user runs script(s) which run file(1) on untrusted binaries".
> If so, how does it differ from e.g. running cat(1) on an untrusted
> binary, which can reprogram your terminal emulation and in some cases
> take over your terminal; or from various other unprivileged user
> binaries that also crash when operating on corrupted data, possibly in
> an exploitable way? Last time I checked lots of our /usr/bin tools
> coredumped when you passed them unexpected input.
What do you mean by "unexpected input"? Do you mean unexpected data on
stdin to tools like b64decode, comm, cut, diff, and fold, which might
reasonably be run on untrusted data, or do you mean wacky command lines
to utilities like awk or c99 (where control over said command line would
innately give an attacker the ability to run code of his choosing)?
> Also, did coverity find the buffer overflow
No. The overflow resulted from failing to correctly keep track of how
much space was left in a buffer, so it wasn't something which Coverity
(or any other similar tool) really had any chance to find.
Colin Percival
More information about the freebsd-arch
mailing list