Date: Thu, 24 May 2007 00:14:33 -0700 From: Colin Percival <cperciva@freebsd.org> To: Greg 'groggy' Lehey <grog@freebsd.org> Cc: Daniel Eischen <deischen@freebsd.org>, Alfred Perlstein <alfred@freebsd.org>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org> Subject: Re: RFC: Removing file(1)+libmagic(3) from the base system Message-ID: <46553B59.5030501@freebsd.org> In-Reply-To: <20070524005817.GD46113@wantadilla.lemis.com> References: <46546E16.9070707@freebsd.org> <Pine.GSO.4.64.0705231346400.9867@sea.ntplx.net> <20070523195933.GM21795@elvis.mu.org> <20070524005817.GD46113@wantadilla.lemis.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Greg 'groggy' Lehey wrote: > One of the most stupid things I know in the Microsoft space is to > identify files by external features such as their name; IIRC this has > opened the way for trojans such as executables posing as images, etc. > The obvious alternative is the "UNIX way": identify the files by their > content, not their name. And that's precisely the purpose of > file(1). Removing it seems counterproductive. >From a security perspective, the only thing I can imagine which is worse than identifying the data type of a file based on the file name is to look at the file contents and try to guess. This lends itself to attacks against firewall systems by constructing a file which the firewall decides looks like a harmless file type, but the target host decides is something different. External metadata -- using MIME types, ideally -- is the only secure way to define file types. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46553B59.5030501>