RFC: Removing file(1)+libmagic(3) from the base system
Colin Percival
cperciva at freebsd.org
Thu May 24 07:14:46 UTC 2007
Greg 'groggy' Lehey wrote:
> One of the most stupid things I know in the Microsoft space is to
> identify files by external features such as their name; IIRC this has
> opened the way for trojans such as executables posing as images, etc.
> The obvious alternative is the "UNIX way": identify the files by their
> content, not their name. And that's precisely the purpose of
> file(1). Removing it seems counterproductive.
>From a security perspective, the only thing I can imagine which is worse
than identifying the data type of a file based on the file name is to
look at the file contents and try to guess. This lends itself to attacks
against firewall systems by constructing a file which the firewall decides
looks like a harmless file type, but the target host decides is something
different.
External metadata -- using MIME types, ideally -- is the only secure way
to define file types.
Colin Percival
More information about the freebsd-arch
mailing list