Hardening the "file" utility for Debian

Well, choosing a language other than C is sure to help here. Assuming you have more advanced facilities like parser combinators or PEG grammars actually reading the untrusted code, the lack of open-coded fiddly bits (pointer increment, off-by-one loops, </<= mixups, etc.) is certainly a far better step in the right direction.