[File] Misdetection of shell

[Steve Grubb]

On Tuesday, February 11, 2020 8:20:50 PM EST Christos Zoulas wrote:
> I guess we can add the extra entries...

Good. Thanks. That will solve some problems for me.

I'd like to submit a script for consideration.

#!/bin/sh
DIRS="/bin /sbin /usr/bin /usr/sbin /usr/libexec /lib /lib64 /usr/lib /usr/
lib64"
tempfile=`mktemp /tmp/plain.XXXXXX`
FOUND=0
for d in $DIRS
do
        if [ -h $d ] ; then
                continue
        fi
        find $d -type f -perm /0111 -print >> $tempfile 2>/dev/null
        while read f
        do
                testf=`file --mime-type $f | grep text\/plain`
                if [ x"$testf" != x ] ; then
                        first=`head -n 1 $f`
                        echo -e "$f\t$first"
                        FOUND=1
                fi
        done < $tempfile
        truncate -s 0 $tempfile
done
rm -f $tempfile
if [ $FOUND -eq 0 ] ; then
        # Nothing to report, just exit
        echo "No problems found" 1>&2
        exit 0
fi
exit 1

I assume that text/plain is a catchall for anything who's characters are < 
128 and the file is not otherwise classified. The script finds anything marked 
for execution that results in plain. You can run that on any distribution and 
see how it turns out. ButIi would like to point to a synopsis of the 
sitiation. Assuming you saved the above as find-plain, then run as this since 
the /usr/bin/sh is accepted as an issue:

$ ./find-plain /usr/bin | grep -v \/usr\/bin\/sh | awk '{$1= ""; print $0}' | 
sort | uniq

We also get this:

#!/bin/rc -e
 #!/usr/bin/gjs
 #!/usr/bin/jimsh
 #!/usr/bin/lua
 #! /usr/bin/python
 #! /usr/bin/python2
 #! /usr/bin/python2.7
 #! /usr/bin/python2 -s
 #! /usr/bin/python3
 #! /usr/bin/python3.7
 #! /usr/bin/python3 -Es
 #! /usr/bin/python3 -s
 #!/usr/bin/Rscript
 #! /usr/bin/wish

Where /usr seems to be a running theme except for rc.

Best Regards,
-Steve