RFC: Removing file(1)+libmagic(3) from the base system
Kris Kennaway
kris at obsecurity.org
Thu May 24 07:19:07 UTC 2007
On Thu, May 24, 2007 at 12:10:35AM -0700, Colin Percival wrote:
> M. Warner Losh wrote:
> > I would argue that it would make the system LESS secure, because one
> > loses the ability to identify files on the system. People are going
> > to install it anyway, and it is a jump ball as to whether having it in
> > the base system would cause vulnerabilities to be updated faster than
> > having it in ports (both the actual update in the system, as well as
> > the user causing the update to happen: ports are a touch easier to
> > update, but lag a bit both in terms of people updating their ports
> > tree and ports committers updating the port).
>
> Interestingly, my experience from portsnap is that people tend to update
> ports more frequently than they apply security patches to the base system.
...with freebsd update. Important qualification.
> > And for there to be any exploitable vulnerability, the attacker would
> > need to feed the victum a bogusly formatted file, and cause the victum
> > to run file on that file. I doubt that the latest security hole will
> > ever result in a system compromise...
>
> You're more optimistic than I am, then. This latest advisory was issued
> on the basis of "it's a heap overflow in rather messy code, so we really
> have no idea if it's exploitable".
The only way I can think of is if there is a MIME email scanner out
there that uses file(1) to identify attachment types.
Kris
More information about the freebsd-arch
mailing list