Stories
Slash Boxes
Comments

SoylentNews is people

OpenBSD Rewrites the File Utility

posted by CoolHand on Wednesday April 29 2015, @11:00PM   Printer-friendly
from the not-your-daddy's-unix-anymore dept.

canopic jug writes:

Via BSD Now, the old, familiar file command has been completely rewritten by OpenBSD developer Nicholas Marriott, who also happens to be the author of tmux. This new edition takes advantage of modern coding practices and the usual OpenBSD scrutiny. It will run by default as an unprivileged user with no shell, and in a systrace sandbox, strictly limiting what system calls can be made and has a drastically reduced potential for damage which a malicious file could do. Ian Darwin, the original author of the utility, saw the commit and, in what may be a moment in BSD history to remember, replied.

The file utility has been around since the 1970s and is used to determine what type of file something actually is. It hasn't seen a lot of development these days, and it's had its share of security issues as well. Some of those security issues remained unfixed, despite being publicly known for a while. It is run to inspect all kinds of files and was technically designed to be used on untrusted files, so tightening things up improves the situation quite a bit.

 
This discussion has been archived. No new comments can be posted.
OpenBSD Rewrites the File Utility | Log In/Create an Account | Top | 18 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Thursday April 30 2015, @06:19PM

    by Anonymous Coward on Thursday April 30 2015, @06:19PM (#177194)

    OpenBSD does not really care about portability and the like. Their whole mantra is security and quality first.

    As to your questions, Nobody is not defined by POSIX and indirectly by the LSB; it is mostly defined by convention. I believe on OpenBSD, nobody is guaranteed to exist and is unprivileged with isolated processes. The problem is Linux and some other BSDs. On those, nobody is not guaranteed to exist but usually does due to convention. However, those systems treat nobody as any other user (albeit one with login disabled and no home directory and it can't own files), which means that any process it owns can send signals to any other process it owns. Therefore, if you run your daemons as nobody and file gets exploited as nobody, it could send SIGKILLs to all of them (hence the modern security advice to give each its own user and group).

    If I were to do file on Linux, I would have it run as a dedicated user and drop all privileges and capabilities that are not necessary (just like any other process that handles unknown info from third parties) and would strongly consider having it use seccomp after opening the requisite file descriptors to the database and file being checked.