Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 23 May 2007 18:26:56 -0400
From:      Garance A Drosehn <gad@FreeBSD.org>
To:        Colin Percival <cperciva@FreeBSD.org>
Cc:        freebsd-arch@FreeBSD.org
Subject:   Re: RFC: Removing file(1)+libmagic(3) from the base system
Message-ID:  <p06240801c27a5fa747b0@[128.113.24.47]>
In-Reply-To: <7158.1179947572@critter.freebsd.dk>
References:  <7158.1179947572@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help 
At 7:12 PM +0000 5/23/07, Poul-Henning Kamp wrote:
>In message <46546E16.9070707@freebsd.org>, Colin Percival writes:
>>  FreeBSD architects and file(1) maintainer,
>>
>  > I'd like to remove file(1) and libmagic(3) from the FreeBSD base
>  > system for the following reasons:
>  >
>  > 1. I don't see it as being a necessary component of a UNIX-like
>  >    operating system.
>
>On this I would tend to disagree strongly.  The ability to identify
>random files have been a key component of UNIX for many years and
>I think people would be significantly surprised if we stopped
>providing it.

I concur with PHK.  There has been a 'file' command on every unix
system I have used in the past 15 (or more) years.  If FreeBSD
removes the file(1) command, almost every sysadmin will simply
install it from ports.

The file(1) command does not run as a daemon, it is not setuid or
setgid, and has no special access to any information which must be
kept secure (such as /etc/passwd).  I don't see why we would single
out that command based on one buffer overflow.

I realize that every security advisory involves a lot of rush work
on the part of the security team, but I don't think that file(1)
has been guilty often enough for us to consider removing it.  And I
think removing it for *security* reasons is particularly pointless
when we know that every unix sysadmin is just going to install it
from ports if it was not in the base system.

Mark me as a strong vote against removing it from the base system.

If we really think that file(1) command is a serious security problem,
then we should do things to limit the damage it can do.  Moving it
into an always-installed port will not improve security (IMO).

-- 
Garance Alistair Drosehn     =               drosehn@rpi.edu
Senior Systems Programmer               or   gad@FreeBSD.org
Rensselaer Polytechnic Institute;             Troy, NY;  USA

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p06240801c27a5fa747b0>