From: Colin Percival <cperciva@freebsd.org>
To: Kris Kennaway
Cc: freebsd-arch@freebsd.org
Date: Thu, 24 May 2007 00:02:06 -0700
Subject: Re: RFC: Removing file(1)+libmagic(3) from the base system
Message-id: <4655386E.2000605@freebsd.org>
In-reply-to: <20070523192103.GA61937@xor.obsecurity.org>
References: <46546E16.9070707@freebsd.org> <20070523192103.GA61937@xor.obsecurity.org>

Kris Kennaway wrote:
> What is the threat you are defending against here: "Admin runs file(1)
> on untrusted binary"?

Yes, or "user runs script(s) which run file(1) on untrusted binaries".

> If so, how does it differ from e.g. running cat(1) on an untrusted
> binary, which can reprogram your terminal emulation and in some cases
> take over your terminal; or from various other unprivileged user
> binaries that also crash when operating on corrupted data, possibly in
> an exploitable way? Last time I checked lots of our /usr/bin tools
> coredumped when you passed them unexpected input.

What do you mean by "unexpected input"? Do you mean unexpected data on stdin to tools like b64decode, comm, cut, diff, and fold, which might reasonably be run on untrusted data, or do you mean wacky command lines to utilities like awk or c99 (where control over said command line would innately give an attacker the ability to run code of his choosing)?

> Also, did coverity find the buffer overflow

No. The overflow resulted from failing to correctly keep track of how much space was left in a buffer, so it wasn't something which Coverity (or any other similar tool) really had any chance to find.

Colin Percival