From: Bill Moran
To: Dag-Erling Smørgrav
Cc: freebsd-security@freebsd.org, "Brian A. Seklecki"
Date: Thu, 24 May 2007 10:39:33 -0400
Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-07:04.file

In response to "Dag-Erling Smørgrav":

> "Brian A. Seklecki" writes:
> > I'll have to check, but I doubt anything other than file(1) on
> > production systems is linked against libmagic. This is safe to do in
> > real-time afaik. ~BAS
>
> AFAIK, Apache's mod_mime_magic either links against libmagic or against
> its own copy of the same code.

According to the docs:
http://httpd.apache.org/docs/2.2/mod/mod_mime_magic.html

It would appear that Apache uses its own code for mod_mime_magic. That
does not guarantee that it doesn't have the same problem, however.

-- 
Bill Moran
Collaborative Fusion Inc.
http://people.collaborativefusion.com/~wmoran/

wmoran@collaborativefusion.com
Phone: 412-422-3463x4023
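
One way to run the check discussed in this thread, added here as an example that is not part of the original message: list which installed binaries name libmagic as a dynamic dependency. It only sees NEEDED entries, so a static link or a private copy of the code, as described above for mod_mime_magic, is reported as "none" and still needs separate review. The function names, the sample `readelf -d` output and the scanned directories are assumptions.

```sh
#!/bin/sh
# Added example: audit for dynamic linkage against libmagic.

# needs_lib STEM: reads `readelf -d` output on stdin and succeeds if a
# NEEDED entry names STEM.so or STEM.so.N (STEM is used as a regex).
needs_lib() {
    grep -Eq "NEEDED.*\[$1\.so(\.[0-9]+)*\]"
}

# scan_dirs STEM DIR...: print every regular file under DIR whose dynamic
# section lists STEM as NEEDED. Requires readelf to be installed.
scan_dirs() {
    stem=$1; shift
    find "$@" -type f 2>/dev/null | while IFS= read -r f; do
        if readelf -d "$f" 2>/dev/null | needs_lib "$stem"; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed samples of `readelf -d` output, not taken from a real system.
SAMPLE_FILE=' 0x00000001 (NEEDED)   Shared library: [libmagic.so.1]
 0x00000001 (NEEDED)   Shared library: [libz.so.3]
 0x00000001 (NEEDED)   Shared library: [libc.so.6]'
SAMPLE_HTTPD=' 0x00000001 (NEEDED)   Shared library: [libcrypt.so.3]
 0x00000001 (NEEDED)   Shared library: [libc.so.6]
 0x0000000e (SONAME)   Library soname: [libmagical.so.1]'

# classify NAME READELF_OUTPUT: prints "NAME: dynamic" or "NAME: none".
classify() {
    if printf '%s\n' "$2" | needs_lib libmagic; then
        echo "$1: dynamic"
    else
        echo "$1: none"
    fi
}

classify file "$SAMPLE_FILE"
classify mod_mime_magic.so "$SAMPLE_HTTPD"
# Real use (directories are an assumption):
#   scan_dirs libmagic /bin /usr/bin /usr/local/bin /usr/local/libexec
```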