RFC: Removing file(1)+libmagic(3) from the base system

Garance A Drosehn gad at FreeBSD.org
Wed May 23 23:27:05 UTC 2007


At 7:12 PM +0000 5/23/07, Poul-Henning Kamp wrote:
>In message <46546E16.9070707 at freebsd.org>, Colin Percival writes:
>> FreeBSD architects and file(1) maintainer,
>>
>> I'd like to remove file(1) and libmagic(3) from the FreeBSD base
>> system for the following reasons:
>>
>> 1. I don't see it as being a necessary component of a UNIX-like
>>    operating system.
>
>On this I would tend to disagree strongly.  The ability to identify
>random files has been a key component of UNIX for many years and
>I think people would be significantly surprised if we stopped
>providing it.

I concur with PHK.  There has been a 'file' command on every unix
system I have used in the past 15 (or more) years.  If FreeBSD
removes the file(1) command, almost every sysadmin will simply
install it from ports.

The file(1) command does not run as a daemon, it is not setuid or
setgid, and has no special access to any information which must be
kept secure (such as /etc/passwd).  I don't see why we would single
out that command based on one buffer overflow.

I realize that every security advisory involves a lot of rush work
on the part of the security team, but I don't think that file(1)
has been guilty often enough for us to consider removing it.  And I
think removing it for *security* reasons is particularly pointless
when we know that every unix sysadmin is just going to install it
from ports if it was not in the base system.

Mark me as a strong vote against removing it from the base system.

If we really think that the file(1) command is a serious security problem,
then we should do things to limit the damage it can do.  Moving it
into an always-installed port will not improve security (IMO).

-- 
Garance Alistair Drosehn     =               drosehn at rpi.edu
Senior Systems Programmer               or   gad at FreeBSD.org
Rensselaer Polytechnic Institute;             Troy, NY;  USA

