Hi OpenPKG-developers,
I have just send the following problem report to upstream of the file package.
You might want to consider adding this to OpenPKG, if upstream does
not react quikely.
--
Managing Director - Owner, www.intevation.net (Free Software Company)
Germany Coordinator, fsfeurope.org (Non-Profit Org for Free Software)
www.kolab-konsortium.com (Email/Groupware Solution, Professional Service)
--- Begin Message ---
Hi Christos,
as maintainer for file, I have feedback and a suggestion.
Excerpts of the text have also gone into a Debian bug report.
There are a few one byte patterns in /usr/share/file/magic
which can to bad effects. Especially the ones that result
in "executable" having a change on 1 out of 256 to happen
on random binary files.
Use case:
Amavisd uses file to see if the scanned file is an executable.
Openoffice.org's encrypted files within in the .sxw zip file
can be treated as random files. Within the .sxw zip file there
are several files that are encrypted. One out of 100 or so
email attachments as .sxw will possibly be banned as MS executable.
See https://intevation.de/roundup/kolab/issue1458 for more
a server application that got hit by the bug.
To test for the problem:
printf \\xb8\\x1a\\x0a | file -
/dev/stdin: COM executable for DOS
For Debian Sarge this problem does not exist as big,
because those patterns are commented out.
To find the potentially dangerous patterns:
awk '/^[^>#].*( |\t)byte/ {print $0;} ' /usr/share/file/magic
0 byte 0xe9 DOS executable (COM)
0 byte 0x8c DOS executable (COM)
0 byte 0xeb DOS executable (COM)
0 byte 0xb8 COM executable
Proposed solution:
Alternative a) Comment out the short executable patterns.
Alternative b) Use the magic format feature to print data when
the first byte is met and print more for further level
check.
Drawback: Is might leave "data" and "executable" on
one printout message, which might not be expected.
Am attaching a patch for Debian's magic file, which has alternative b).
Thanks,
Bernhard
--
Managing Director - Owner, www.intevation.net (Free Software Company)
Germany Coordinator, fsfeurope.org (Non-Profit Org for Free Software)
www.kolab-konsortium.com (Email/Groupware Solution, Professional Service)
--- /kolab/share/file.org/magic 2005-12-18 22:23:34.000000000 +0100
+++ /kolab/share/file/magic 2006-10-17 20:15:13.554411551 +0200
@@ -7951,15 +7951,15 @@
# Uncommenting only the first two lines will cover about 2/3 of COM files,
# but it isn't feasible to match all COM files since there must be at least
# two dozen different one-byte "magics".
-0 byte 0xe9 MS-DOS executable (COM)
->6 string SFX\ of\ LHarc (%s)
-0 byte 0x8c MS-DOS executable (COM)
+0 byte 0xe9 data
+>6 string SFX\ of\ LHarc MS-DOS executable (COM) (%s)
+#0 byte 0x8c MS-DOS executable (COM)
# 0xeb conflicts with "sequent" magic
-0 byte 0xeb MS-DOS executable (COM)
->4 string \ $ARX \b, ARX self-extracting archive
->4 string \ $LHarc \b, LHarc self-extracting archive
->0x20e string SFX\ by\ LARC \b, LARC self-extracting archive
-0 byte 0xb8 COM executable for MS-DOS
+0 byte 0xeb data
+>4 string \ $ARX MS-DOS executable (COM), ARX self-extracting archive
+>4 string \ $LHarc MS-DOS executable (COM), LHarc self-extracting archive
+>0x20e string SFX\ by\ LARC MS-DOS executable (COM), LARC self-extracting archive
+#0 byte 0xb8 COM executable for MS-DOS
# many compressed/converted COMs start with a copy loop instead of a jump
0x6 search/0xa \xfc\x57\xf3\xa5\xc3 COM executable for MS-DOS
0x6 search/0xa \xfc\x57\xf3\xa4\xc3 COM executable for MS-DOS
pgpNhTObcfZJs.pgp
Description: PGP signature
--- End Message ---
