Date: Thu, 24 May 2007 00:02:06 -0700 From: Colin Percival <cperciva@freebsd.org> To: Kris Kennaway <kris@obsecurity.org> Cc: "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org> Subject: Re: RFC: Removing file(1)+libmagic(3) from the base system Message-ID: <4655386E.2000605@freebsd.org> In-Reply-To: <20070523192103.GA61937@xor.obsecurity.org> References: <46546E16.9070707@freebsd.org> <20070523192103.GA61937@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Kris Kennaway wrote: > What is the threat you are defending against here: "Admin runs file(1) > on untrusted binary"? Yes, or "user runs script(s) which run file(1) on untrusted binaries". > If so, how does it differ from e.g. running cat(1) on an untrusted > binary, which can reprogram your terminal emulation and in some cases > take over your terminal; or from various other unprivileged user > binaries that also crash when operating on corrupted data, possibly in > an exploitable way? Last time I checked lots of our /usr/bin tools > coredumped when you passed them unexpected input. What do you mean by "unexpected input"? Do you mean unexpected data on stdin to tools like b64decode, comm, cut, diff, and fold, which might reasonably be run on untrusted data, or do you mean wacky command lines to utilities like awk or c99 (where control over said command line would innately give an attacker the ability to run code of his choosing)? > Also, did coverity find the buffer overflow No. The overflow resulted from failing to correctly keep track of how much space was left in a buffer, so it wasn't something which Coverity (or any other similar tool) really had any chance to find. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4655386E.2000605>