Re: RFC: Removing file(1)+libmagic(3) from the base system
- From: "Constantine A. Murenin" <mureninc@xxxxxxxxx>
- Date: Wed, 23 May 2007 14:06:20 -0400
On 23/05/07, Colin Percival <cperciva@xxxxxxxxxxx> wrote:
FreeBSD architects and file(1) maintainer,
I'd like to remove file(1) and libmagic(3) from the FreeBSD base system
for the following reasons:
1. I don't see it as being a necessary component of a UNIX-like operating
system.
2. It's available in the ports tree.
3. Due to its nature as a program which parses multiple data formats, it
poses an unusually high risk of having security problems in the future
(cf. ethereal/wireshark).
The one redeeming feature of file/libmagic as far as security is concerned
is that it doesn't act as a daemon, i.e., other code or user intervention
is required for an attacker to exploit security issues. This is why I'm
asking here rather than wielding the "Security Officer can veto code which
he doesn't like" stick. :-)
Can anyone make a strong argument for keeping this code in the base system?
What about the manual page, History section?
<<
There has been a file command in every UNIX since at least Research Ver-
sion 4 (man page dated November, 1973). The System V version introduced
one significant major change: the external list of magic number types.
Cheers,
Constantine.
_______________________________________________
freebsd-arch@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe@xxxxxxxxxxx"
- References:
- RFC: Removing file(1)+libmagic(3) from the base system
- From: Colin Percival
- RFC: Removing file(1)+libmagic(3) from the base system
- Prev by Date: Re: RFC: Removing file(1)+libmagic(3) from the base system
- Next by Date: Re: RFC: Removing file(1)+libmagic(3) from the base system
- Previous by thread: Re: RFC: Removing file(1)+libmagic(3) from the base system
- Next by thread: Re: RFC: Removing file(1)+libmagic(3) from the base system
- Index(es):
Relevant Pages
|
|
