Date: Wed, 23 May 2007 14:06:20 -0400
From: "Constantine A. Murenin" <mureninc@gmail.com>
To: "Colin Percival" <cperciva@freebsd.org>
Cc: "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Subject: Re: RFC: Removing file(1)+libmagic(3) from the base system
Message-ID: <f34ca13c0705231106v142ca35ci73aee6eccf3a1@mail.gmail.com>
In-Reply-To: <46546E16.9070707@freebsd.org>
References: <46546E16.9070707@freebsd.org>

On 23/05/07, Colin Percival <cperciva@freebsd.org> wrote:
> FreeBSD architects and file(1) maintainer,
>
> I'd like to remove file(1) and libmagic(3) from the FreeBSD base system
> for the following reasons:
> 1. I don't see it as being a necessary component of a UNIX-like operating
> system.
> 2. It's available in the ports tree.
> 3. Due to its nature as a program which parses multiple data formats, it
> poses an unusually high risk of having security problems in the future
> (cf. ethereal/wireshark).
>
> The one redeeming feature of file/libmagic as far as security is concerned
> is that it doesn't act as a daemon, i.e., other code or user intervention
> is required for an attacker to exploit security issues. This is why I'm
> asking here rather than wielding the "Security Officer can veto code which
> he doesn't like" stick. :-)
>
> Can anyone make a strong argument for keeping this code in the base system?

What about the manual page, History section?

<<
There has been a file command in every UNIX since at least Research Version 4
(man page dated November, 1973). The System V version introduced one
significant major change: the external list of magic number types.
>>

Cheers,
Constantine.