RFC: Removing file(1)+libmagic(3) from the base system
Peter Jeremy
peterjeremy at optushome.com.au
Thu May 24 12:31:49 UTC 2007
On 2007-May-23 17:23:25 -0400, David Schultz <das at freebsd.org> wrote:
>On Wed, May 23, 2007, Colin Percival wrote:
>> Can anyone make a strong argument for keeping this code in the base system?
>
>Removing it from the base system would merely amount to a
>marketing ploy, wherein we get to say that FreeBSD has fewer
>security holes because file(1) is a "third-party package". Doing
>so wouldn't make FreeBSD installations any more secure in
>practice.

My thoughts as well.

The way I see it, file(1) is an interpreter for the language defined
in magic(5). For most purposes (particularly when processing untrusted
input), the "program" that file(1) will execute is /usr/share/misc/magic.
Viewed this way, I do not see it as any different to awk or sed.

From a security aspect, file(1) can extract C-style strings and
offsets from the untrusted input - and these obviously need careful
sanity checks in addition to the normal error checking.

Rather than treating ports as a ghetto for potentially unsafe
utilities, I believe the Project would be better off making those
utilities more robust. Has the OpenBSD project got an 'audited'
file(1)? If so, can we import it or the fixes?

--
Peter Jeremy
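
The sanity checks the message refers to, for an offset and a C-style string taken from untrusted input, as an added example that is not part of the original message and is not code from file(1) or libmagic. The function names, the little-endian 32-bit offset layout and the sample buffers are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read a little-endian 32-bit value at off; -1 if the 4 bytes are not all inside buf. */
static int read_le32(const uint8_t *buf, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4)      /* subtraction form: off + 4 could wrap */
        return -1;
    *out = buf[off] | buf[off + 1] << 8 | buf[off + 2] << 16 | (uint32_t)buf[off + 3] << 24;
    return 0;
}

/* Copy the C-style string at off into dst; -1 unless its NUL lies inside buf and it fits. */
static int read_cstr(const uint8_t *buf, size_t len, size_t off, char *dst, size_t dstsz)
{
    if (off >= len)
        return -1;
    const uint8_t *nul = memchr(buf + off, '\0', len - off);  /* never scan past the input */
    if (nul == NULL)
        return -1;                       /* unterminated string */
    size_t n = (size_t)(nul - (buf + off));
    if (n >= dstsz)
        return -1;                       /* would not fit with its terminator */
    memcpy(dst, buf + off, n + 1);
    return 0;
}

/* Indirect lookup: the input stores, at ptr_off, the offset of a string. */
int indirect_string(const uint8_t *buf, size_t len, size_t ptr_off, char *dst, size_t dstsz)
{
    uint32_t target;
    if (read_le32(buf, len, ptr_off, &target) != 0)
        return -1;
    return read_cstr(buf, len, (size_t)target, dst, dstsz);
}

/* Constructed sample inputs (not taken from any real file format). */
static const uint8_t good[] = { 8, 0, 0, 0, 'x', 'x', 'x', 'x', 'a', 'b', 'c', 0 };
static const uint8_t wild[] = { 0xff, 0xff, 0xff, 0xff, 'a', 'b', 'c', 0 };
static const uint8_t noterm[] = { 4, 0, 0, 0, 'a', 'b', 'c' };
char out[8];

int main(void)
{
    printf("good=%d\n", indirect_string(good, sizeof good, 0, out, sizeof out));
    printf("wild=%d\n", indirect_string(wild, sizeof wild, 0, out, sizeof out));
    printf("noterm=%d\n", indirect_string(noterm, sizeof noterm, 0, out, sizeof out));
    return 0;
}
```
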