|
|
|
|
|
|
by IvyMike
4067 days ago
|
|
|
"It may be possible for such an attacker to execute arbitrary code with the privileges of the user running file(1)." This is what I am saying...given the right input, file(1) could do anything and everything. Yes, it's only due to a bug in file(1), but still that's kind of ridiculous. We have all sorts of things in place to protect against other bugs (for example, segmentation faults), and there's 27 years of evidence that we need some more help. |
|
|
I point again to:
http://en.wikipedia.org/wiki/Halting_problem
If you are reading in from a file, and you make decisions that are complex enough to be S- and K- combinators (or a concept of "if" and "jump", or some other minimal set), then you have given an attacker a Turing machine.