[File] /usr/bin and /bin
Steve Grubb
sgrubb at redhat.com
Thu May 27 18:04:50 UTC 2021
Hello,
On Thursday, May 27, 2021 1:26:53 PM EDT Christos Zoulas wrote:
> Hi, I am annoyed by that too (but not yet to the level that I have sat down
> to think how to fix it :-)
I was thinking that maybe if the first 2 characters are #!, then try matching
against the variation in dirnames. If there is a match, replace the start
with $Shebang or whatever token/name is agreeable. Then use this new string
to start matching against the magic db. Separately, the magic db text files
get fixed up to use the token/name. After compilation, both pieces can match.
I'd consider looking into this, but not sure which source file does the
initial parsing of the target file.
Best Regards,
-Steve
> > On May 27, 2021, at 12:55 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> >
> > Hello,
> >
> > I was wondering something. There are distributions that have /bin and
> > /sbin symlinked to /usr/bin and /usr/sbin respectively. Because files
> > could be in either place, there are tests like:
> >
> > #!/bin/sh
> > echo DEFANGED.2
> > exit
> > #!\ /bin/bash
> > #!\ /usr/bin/bash
> > #!\ /usr/local/bash
> > #!\ /usr/local/bin/bash
> >
> > and the same would apply to any other script with a shebang. Could this
> > be solved programmatically rather than having to do this throughout the
> > magic db for every script? I'm thinking this could make the magic db
> > smaller and lower the maintenance associated.
> >
> > Best Regards,
> > -Steve