Date: Thu, 24 May 2007 03:19:06 -0400 From: Kris Kennaway <kris@obsecurity.org> To: Colin Percival <cperciva@freebsd.org> Cc: freebsd-arch@freebsd.org Subject: Re: RFC: Removing file(1)+libmagic(3) from the base system Message-ID: <20070524071906.GB80416@xor.obsecurity.org> In-Reply-To: <46553A6B.7070904@freebsd.org> References: <46546E16.9070707@freebsd.org> <7158.1179947572@critter.freebsd.dk> <20070523213251.GA14733@keltia.freenix.fr> <20070523.161038.-1989860747.imp@bsdimp.com> <46553A6B.7070904@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, May 24, 2007 at 12:10:35AM -0700, Colin Percival wrote: > M. Warner Losh wrote: > > I would argue that it would make the system LESS secure, because one > > loses the ability to identify files on the system. People are going > > to install it anyway, and it is a jump ball as to whether having it in > > the base system would cause vulnerabilities to be updated faster than > > having it in ports (both the actual update in the system, as well as > > the user causing the update to happen: ports are a touch easier to > > update, but lag a bit both in terms of people updating their ports > > tree and ports committers updating the port). > > Interestingly, my experience from portsnap is that people tend to update > ports more frequently than they apply security patches to the base system. ...with freebsd update. Important qualification. > > And for there to be any exploitable vulnerability, the attacker would > > need to feed the victum a bogusly formatted file, and cause the victum > > to run file on that file. I doubt that the latest security hole will > > ever result in a system compromise... > > You're more optimistic than I am, then. This latest advisory was issued > on the basis of "it's a heap overflow in rather messy code, so we really > have no idea if it's exploitable". The only way I can think of is if there is a MIME email scanner out there that uses file(1) to identify attachment types. Kris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070524071906.GB80416>