Re: RFC: Removing file(1)+libmagic(3) from the base system

On Thu, May 24, 2007 at 12:10:35AM -0700, Colin Percival wrote:
M. Warner Losh wrote:
I would argue that it would make the system LESS secure, because one
loses the ability to identify files on the system. People are going
to install it anyway, and it is a jump ball as to whether having it in
the base system would cause vulnerabilities to be updated faster than
having it in ports (both the actual update in the system, as well as
the user causing the update to happen: ports are a touch easier to
update, but lag a bit both in terms of people updating their ports
tree and ports committers updating the port).

Interestingly, my experience from portsnap is that people tend to update
ports more frequently than they apply security patches to the base system.

...with freebsd update. Important qualification.

And for there to be any exploitable vulnerability, the attacker would
need to feed the victum a bogusly formatted file, and cause the victum
to run file on that file. I doubt that the latest security hole will
ever result in a system compromise...

You're more optimistic than I am, then. This latest advisory was issued
on the basis of "it's a heap overflow in rather messy code, so we really
have no idea if it's exploitable".

The only way I can think of is if there is a MIME email scanner out
there that uses file(1) to identify attachment types.

Kris
_______________________________________________
freebsd-arch@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe@xxxxxxxxxxx"

Relevant Pages