Re: RFC: Removing file(1)+libmagic(3) from the base system



On Wed, May 23, 2007 at 09:38:46AM -0700, Colin Percival wrote:
> FreeBSD architects and file(1) maintainer,
>
> I'd like to remove file(1) and libmagic(3) from the FreeBSD base system
> for the following reasons:
> 1. I don't see it as being a necessary component of a UNIX-like operating
> system.
> 2. It's available in the ports tree.
> 3. Due to its nature as a program which parses multiple data formats, it
> poses an unusually high risk of having security problems in the future
> (cf. ethereal/wireshark).
>
> The one redeeming feature of file/libmagic as far as security is concerned
> is that it doesn't act as a daemon, i.e., other code or user intervention
> is required for an attacker to exploit security issues. This is why I'm
> asking here rather than wielding the "Security Officer can veto code which
> he doesn't like" stick. :-)
>
> Can anyone make a strong argument for keeping this code in the base system?

What is the threat you are defending against here: "Admin runs file(1)
on untrusted binary"?

If so, how does it differ from e.g. running cat(1) on an untrusted
binary, which can reprogram your terminal emulation and in some cases
take over your terminal; or from various other unprivileged user
binaries that also crash when operating on corrupted data, possibly in
an exploitable way? Last time I checked lots of our /usr/bin tools
coredumped when you passed them unexpected input.

Also, did Coverity find the buffer overflow, and if so, what other
bugs does it see in this tool, and have you fixed them? :)

Kris
