From owner-freebsd-arch@FreeBSD.ORG Thu May 24 07:14:45 2007 Return-Path: X-Original-To: freebsd-arch@freebsd.org Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id F114C16A46C for ; Thu, 24 May 2007 07:14:45 +0000 (UTC) (envelope-from cperciva@freebsd.org) Received: from pd3mo3so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.freebsd.org (Postfix) with ESMTP id C7B9913C4B0 for ; Thu, 24 May 2007 07:14:45 +0000 (UTC) (envelope-from cperciva@freebsd.org) Received: from pd2mr6so.prod.shaw.ca (pd2mr6so-qfe3.prod.shaw.ca [10.0.141.9]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0JIJ00GGXASMTV60@l-daemon> for freebsd-arch@freebsd.org; Thu, 24 May 2007 01:14:46 -0600 (MDT) Received: from pn2ml7so.prod.shaw.ca ([10.0.121.151]) by pd2mr6so.prod.shaw.ca (Sun Java System Messaging Server 6.2-7.05 (built Sep 5 2006)) with ESMTP id <0JIJ00JA9ASL8GN0@pd2mr6so.prod.shaw.ca> for freebsd-arch@freebsd.org; Thu, 24 May 2007 01:14:46 -0600 (MDT) Received: from hexahedron.daemonology.net ([24.82.18.31]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with SMTP id <0JIJ00K5AASKU2J1@l-daemon> for freebsd-arch@freebsd.org; Thu, 24 May 2007 01:14:45 -0600 (MDT) Received: (qmail 4122 invoked from network); Thu, 24 May 2007 07:14:33 +0000 Received: from unknown (HELO hexahedron.daemonology.net) (127.0.0.1) by localhost with SMTP; Thu, 24 May 2007 07:14:33 +0000 Date: Thu, 24 May 2007 00:14:33 -0700 From: Colin Percival In-reply-to: <20070524005817.GD46113@wantadilla.lemis.com> To: Greg 'groggy' Lehey Message-id: <46553B59.5030501@freebsd.org> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Enigmail-Version: 0.95.0 References: <46546E16.9070707@freebsd.org> <20070523195933.GM21795@elvis.mu.org> <20070524005817.GD46113@wantadilla.lemis.com> User-Agent: Thunderbird 2.0.0.0 (X11/20070511) Cc: Daniel Eischen , Alfred Perlstein , "freebsd-arch@freebsd.org" Subject: Re: RFC: Removing file(1)+libmagic(3) from the base system X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 May 2007 07:14:46 -0000 Greg 'groggy' Lehey wrote: > One of the most stupid things I know in the Microsoft space is to > identify files by external features such as their name; IIRC this has > opened the way for trojans such as executables posing as images, etc. > The obvious alternative is the "UNIX way": identify the files by their > content, not their name. And that's precisely the purpose of > file(1). Removing it seems counterproductive. >From a security perspective, the only thing I can imagine which is worse than identifying the data type of a file based on the file name is to look at the file contents and try to guess. This lends itself to attacks against firewall systems by constructing a file which the firewall decides looks like a harmless file type, but the target host decides is something different. External metadata -- using MIME types, ideally -- is the only secure way to define file types. Colin Percival