RFC: Removing file(1)+libmagic(3) from the base system

From: Colin Percival <cperciva@xxxxxxxxxxx>
Date: Wed, 23 May 2007 09:38:46 -0700

FreeBSD architects and file(1) maintainer,

I'd like to remove file(1) and libmagic(3) from the FreeBSD base system
for the following reasons:
1. I don't see it as being a necessary component of a UNIX-like operating
system.
2. It's available in the ports tree.
3. Due to its nature as a program which parses multiple data formats, it
poses an unusually high risk of having security problems in the future
(cf. ethereal/wireshark).

The one redeeming feature of file/libmagic as far as security is concerned
is that it doesn't act as a daemon, i.e., other code or user intervention
is required for an attacker to exploit security issues. This is why I'm
asking here rather than wielding the "Security Officer can veto code which
he doesn't like" stick. :-)

Can anyone make a strong argument for keeping this code in the base system?

Colin Percival
FreeBSD Security Officer

_______________________________________________
freebsd-arch@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe@xxxxxxxxxxx"

Follow-Ups:
- Re: RFC: Removing file(1)+libmagic(3) from the base system
  - From: David O'Brien
- Re: RFC: Removing file(1)+libmagic(3) from the base system
  - From: David O'Brien
- Re: RFC: Removing file(1)+libmagic(3) from the base system
  - From: M. Warner Losh
- Re: RFC: Removing file(1)+libmagic(3) from the base system
  - From: David Schultz
- Re: RFC: Removing file(1)+libmagic(3) from the base system
  - From: Lyndon Nerenberg
- Re: RFC: Removing file(1)+libmagic(3) from the base system
  - From: Maxim Konovalov
- Re: RFC: Removing file(1)+libmagic(3) from the base system
  - From: Kris Kennaway
- Re: RFC: Removing file(1)+libmagic(3) from the base system
  - From: Poul-Henning Kamp
- Re: RFC: Removing file(1)+libmagic(3) from the base system
  - From: Constantine A. Murenin
- Re: RFC: Removing file(1)+libmagic(3) from the base system
  - From: Gary Palmer
- Re: RFC: Removing file(1)+libmagic(3) from the base system
  - From: Daniel Eischen

Prev by Date: Re: A problem with the select(2) interface
Next by Date: Re: RFC: Removing file(1)+libmagic(3) from the base system
Previous by thread: sched_lock && thread_lock()
Next by thread: Re: RFC: Removing file(1)+libmagic(3) from the base system
Index(es):
- Date
- Thread

Relevant Pages

RE: PAWS security vulnerability
... FreeBSD security list" isn't grammatically correct. ... "I told you to post the patch and info to the appropriate FreeBSD security ... "...This point and others are often discussed on the mailing lists, ...
(freebsd-questions)
Changes to FreeBSD security support policy
... for tracking security fixes to FreeBSD 4.3-RELEASE: ... This eliminates support for the class of vulnerabilities exploitable ...
(FreeBSD-Security)
RE: FreeBSD Security Survey
... Your also ignoring the fact that many security holes are a lot ... queries to this server to the NAS only. ... server with a new version of FreeBSD. ... Your survey responses lack any responses that indicate that leaving ...
(freebsd-questions)
Re: New FreeBSD Security Officer
... > I asked the FreeBSD Core Team to offer the security officer role to ... Thanks, Jacques, for the words of introduction. ... Second, while I am taking over as Security Officer, I won't be changing ... have been discussed for several months now -- but on the whole FreeBSD ...
(FreeBSD-Security)
gateway security?
... some discussions of general security in a LAN environment with a FreeBSD ... headless gateway sits in a dark closet, ...
(FreeBSD-Security)