Date: Wed, 23 May 2007 15:21:03 -0400 From: Kris Kennaway <kris@obsecurity.org> To: Colin Percival <cperciva@freebsd.org> Cc: "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org> Subject: Re: RFC: Removing file(1)+libmagic(3) from the base system Message-ID: <20070523192103.GA61937@xor.obsecurity.org> In-Reply-To: <46546E16.9070707@freebsd.org> References: <46546E16.9070707@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--y0ulUmNC+osPPQO6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, May 23, 2007 at 09:38:46AM -0700, Colin Percival wrote: > FreeBSD architects and file(1) maintainer, >=20 > I'd like to remove file(1) and libmagic(3) from the FreeBSD base system > for the following reasons: > 1. I don't see it as being a necessary component of a UNIX-like operating > system. > 2. It's available in the ports tree. > 3. Due to its nature as a program which parses multiple data formats, it > poses an unusually high risk of having security problems in the future > (cf. ethereal/wireshark). >=20 > The one redeeming feature of file/libmagic as far as security is concerned > is that it doesn't act as a daemon, i.e., other code or user intervention > is required for an attacker to exploit security issues. This is why I'm > asking here rather than wielding the "Security Officer can veto code which > he doesn't like" stick. :-) >=20 > Can anyone make a strong argument for keeping this code in the base syste= m? What is the threat you are defending against here: "Admin runs file(1) on untrusted binary"? If so, how does it differ from e.g. running cat(1) on an untrusted binary, which can reprogram your terminal emulation and in some cases take over your terminal; or from various other unprivileged user binaries that also crash when operating on corrupted data, possibly in an exploitable way? Last time I checked lots of our /usr/bin tools coredumped when you passed them unexpected input. Also, did coverity find the buffer overflow, and if so, what other bugs does it see in this tool, and have you fixed them? :) Kris --y0ulUmNC+osPPQO6 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFGVJQfWry0BWjoQKURAiLbAKCbrwOYZnLrG5P32sXJRpbZ5MrqcQCffbUq Z02hlXrmJMM1CC9ecw29igA= =3vkD -----END PGP SIGNATURE----- --y0ulUmNC+osPPQO6--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070523192103.GA61937>