Date: Wed, 23 May 2007 16:04:20 -0600 (MDT) From: "M. Warner Losh" <imp@bsdimp.com> To: cperciva@freebsd.org Cc: wollman@hergotha.csail.mit.edu, freebsd-arch@freebsd.org Subject: Re: RFC: Removing file(1)+libmagic(3) from the base system Message-ID: <20070523.160420.163264050.imp@bsdimp.com> In-Reply-To: <465482BA.4050607@freebsd.org> References: <200705231753.l4NHrTEm025055@hergotha.csail.mit.edu> <465482BA.4050607@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message: <465482BA.4050607@freebsd.org>
Colin Percival <cperciva@freebsd.org> writes:
: Garrett Wollman wrote:
: > In article <mit.lcs.mail.freebsd-arch/46546E16.9070707@freebsd.org> you write:
: >> FreeBSD architects and file(1) maintainer,
: >> 3. Due to its nature as a program which parses multiple data formats, it
: >> poses an unusually high risk of having security problems in the future
: >> (cf. ethereal/wireshark).
: >
: > And this doesn't apply to, say, awk(1)?
:
: Eh? Unless I'm seriously confused, awk doesn't parse any data formats...
It handles arbitrary data from potentially hostile sources as well.
But only when the users asks it to do so...
Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070523.160420.163264050.imp>