[File] /usr/bin and /bin

Steve Grubb sgrubb at redhat.com
Thu May 27 18:04:50 UTC 2021


Hello,

On Thursday, May 27, 2021 1:26:53 PM EDT Christos Zoulas wrote:
> Hi, I am annoyed by that too (but not yet to the level that I have sat down
> to think how to fix it :-)

I was thinking that maybe if the first 2 characters are #!, then try matching
against the variation in dirnames. If there is a match, replace the start
with $Shebang or whatever token/name is agreeable. Then use this new string
to start matching against the magic db. Separately, the magic db text files
get fixed up to use the token/name. After compilation, both pieces can match.
I'd consider looking into this, but not sure which source file does the
initial parsing of the target file.

Best Regards,
-Steve

> > On May 27, 2021, at 12:55 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> > 
> > Hello,
> > 
> > I was wondering something. There are distributions that have /bin and
> > /sbin symlinked to /usr/bin and /usr/sbin respectively. Because files
> > could be in either place, there are tests like:
> > 
> > #!/bin/sh
> > echo DEFANGED.2
> > exit
> > #!\ /bin/bash
> > #!\ /usr/bin/bash
> > #!\ /usr/local/bash
> > #!\ /usr/local/bin/bash
> > 
> > and the same would apply to any other script with a shebang. Could this
> > be solved programmatically rather than having to do this throughout the
> > magic db for every script? I'm thinking this could make the magic db
> > smaller and lower the maintenance associated.
> > 
> > Best Regards,
> > -Steve
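
A sketch of the normalization step proposed in the message above, as an added example that is not part of the original thread or of file's source. The function name, the exact `$Shebang/` token spelling and the directory list are assumptions; the directories are the variants mentioned in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical token; the post suggests "$Shebang or whatever token/name". */
#define SHEBANG_TOKEN "$Shebang/"

/* Directory variants named in the thread, longest first so that
 * /usr/local/bin/ is tried before /usr/local/. */
static const char *const shebang_dirs[] = {
    "/usr/local/bin/", "/usr/local/", "/usr/sbin/", "/usr/bin/",
    "/sbin/", "/bin/",
};

/* Write a canonical form of a script's first line into out.
 * Returns 1 if rewritten, 0 if copied unchanged, -1 if out is too small. */
int normalize_shebang(const char *line, char *out, size_t outlen)
{
    const char *p = line;
    size_t i;
    int n;
    if (strncmp(p, "#!", 2) == 0) {
        p += 2;
        while (*p == ' ' || *p == '\t')   /* "#! /bin/sh" is also valid */
            p++;
        for (i = 0; i < sizeof(shebang_dirs) / sizeof(shebang_dirs[0]); i++) {
            size_t dlen = strlen(shebang_dirs[i]);
            if (strncmp(p, shebang_dirs[i], dlen) == 0) {
                n = snprintf(out, outlen, "#!%s%s", SHEBANG_TOKEN, p + dlen);
                return (n < 0 || (size_t)n >= outlen) ? -1 : 1;
            }
        }
    }
    n = snprintf(out, outlen, "%s", line);   /* not a known shebang dir */
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample first lines, not taken from the magic db. */
    const char *samples[] = { "#!/bin/bash", "#! /usr/local/bin/bash -e",
                              "#!/opt/bin/bash", "echo hi" };
    char buf[128];
    size_t i;
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rc = normalize_shebang(samples[i], buf, sizeof(buf));
        printf("%d %s -> %s\n", rc, samples[i], buf);
    }
    return 0;
}
```

An interpreter path outside the listed directories is left untouched, so a magic entry written against the token would not match it; whether that is desirable is a policy choice the thread leaves open.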