From owner-freebsd-questions@FreeBSD.ORG Fri Jul 2 18:43:00 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 61E2E106566B for ; Fri, 2 Jul 2010 18:43:00 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mx01.qsc.de (mx01.qsc.de [213.148.129.14]) by mx1.freebsd.org (Postfix) with ESMTP id 200E78FC08 for ; Fri, 2 Jul 2010 18:42:59 +0000 (UTC) Received: from r55.edvax.de (port-92-195-117-232.dynamic.qsc.de [92.195.117.232]) by mx01.qsc.de (Postfix) with ESMTP id DDA953DB9E; Fri, 2 Jul 2010 20:42:52 +0200 (CEST) Received: from r55.edvax.de (localhost [127.0.0.1]) by r55.edvax.de (8.14.2/8.14.2) with SMTP id o62Ign9u002771; Fri, 2 Jul 2010 20:42:49 +0200 (CEST) (envelope-from freebsd@edvax.de) Date: Fri, 2 Jul 2010 20:42:49 +0200 From: Polytropon To: freebsd-questions@freebsd.org Message-Id: <20100702204249.1a7423ac.freebsd@edvax.de> In-Reply-To: <44r5jln3oj.fsf@be-well.ilk.org> References: <4C2DF07F.1020509@tundraware.com> <44630xq527.fsf@be-well.ilk.org> <20100702173504.c53738b2.freebsd@edvax.de> <44r5jln3oj.fsf@be-well.ilk.org> Organization: EDVAX X-Mailer: Sylpheed 2.4.7 (GTK+ 2.12.1; i386-portbld-freebsd7.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: Lowell Gilbert Subject: Re: 'file' Command Giving False Positives X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Polytropon List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Jul 2010 18:43:00 -0000 On Fri, 02 Jul 2010 14:23:24 -0400, Lowell Gilbert wrote: > Apparently, your memory is better than mine, because that was indeed > what I was thinking of. Which leads to the question of why magic(5) > lists LZ as representing "MS-DOS executable (built-in)". I'd be > hesitant to change that unless we knew for sure it was wrong. As it has been mentioned before, .EXE is *one* of the formats executable in DOS. .COM executables do not have specific headers (as they are loaded directly). Also, .BAT are executable, allthough they are text files, and finally .BTM are also text file executables, specific to NDOS. As far as I also remember, there's .EXE on OS/2, too. One could argue if "Windows" .PIF are also executables. Of course, VMS also has .COM... but I see I'm making a digression... :-) > Even if it _is_ wrong, the "problem" still remains for "MZ" at least: > Any file starting with those letters is going to be identified as an > MS-DOS executable, and there's no clear way to distinguish it from a > text file that happens to start with those letters. Well, there's a solution that is not *that* complicated: If the file contains characters that don't match isprint(), i. e. those outside the ASCII set used in real text files, it's likely to be an executable. A scriptable solution might be to diff vs. `strings `. If they differ, it's not a text, so it might be an executable. I'm not sure if the magic identification string starting with MZ could be enlarged with other specific characters immediately following MZ that are *only* present in executables... The problem is that "MZ itself is completely sufficient: % echo "MZ" > foo % file foo foo: MS-DOS executable Of course, that's not correct. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...