|
|
|
|
|
|
by raldi
4067 days ago
|
|
|
You say "needs" as if it's a matter of fact, but what a program needs to do is a very subjective matter. If you feel the command does more than it needs to, could you call out a few examples of bloated features that you would cut? |
|
|
But I haven't seen anything to disagree with file being similarly problematic. A quote like
To sum up: If somebody uses 'file' in an unconstrained OS environment on untrusted inputs, and he gets pwnd in the result, then it's not a security problem, it's an incompetence problem - and IMO it should be discussed elsewhere.
does not suggest that the program is very well designed.
Scanning for byte strings with no possibility of security flaw is a solved problem.