Re: RFC: Removing file(1)+libmagic(3) from the base system
- From: "M. Warner Losh" <imp@xxxxxxxxxx>
- Date: Wed, 23 May 2007 16:03:39 -0600 (MDT)
In message: <46546E16.9070707@xxxxxxxxxxx>
Colin Percival <cperciva@xxxxxxxxxxx> writes:
: FreeBSD architects and file(1) maintainer,
:
: I'd like to remove file(1) and libmagic(3) from the FreeBSD base system
: for the following reasons:
: 1. I don't see it as being a necessary component of a UNIX-like operating
: system.
: 2. It's available in the ports tree.
: 3. Due to its nature as a program which parses multiple data formats, it
: poses an unusually high risk of having security problems in the future
: (cf. ethereal/wireshark).
:
: The one redeeming feature of file/libmagic as far as security is concerned
: is that it doesn't act as a daemon, i.e., other code or user intervention
: is required for an attacker to exploit security issues. This is why I'm
: asking here rather than wielding the "Security Officer can veto code which
: he doesn't like" stick. :-)
:
: Can anyone make a strong argument for keeping this code in the base system?
Because it is so darn useful, people use it in scripting all the time
and it has been there for a long time.
Warner
_______________________________________________
freebsd-arch@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe@xxxxxxxxxxx"
- References:
- RFC: Removing file(1)+libmagic(3) from the base system
- From: Colin Percival
- RFC: Removing file(1)+libmagic(3) from the base system
- Prev by Date: Re: RFC: Removing file(1)+libmagic(3) from the base system
- Next by Date: Re: RFC: Removing file(1)+libmagic(3) from the base system
- Previous by thread: Re: RFC: Removing file(1)+libmagic(3) from the base system
- Next by thread: Re: RFC: Removing file(1)+libmagic(3) from the base system
- Index(es):
Relevant Pages
|
|
