[Touch-packages] [Bug 1747711] Re: file mis-identifies modern executables as application/x-sharedlib
>>> So for mime types to distinguish, "file" needs to grow reporting of the INTERP presence. Distinguish between shared libraries and PIC executables based on INTERP ELF header is not always correct. Consider following 2 exceptions: GLIBC main library libc-2.24.so This shared object has an INTERP header, which is /lib64/ld-linux-x86-64.so.2 in my system. However we usually considering it a shared library, not an executable. GLIBC dynamic linker ld-2.24.so This shared object doesn't have INTERP header because this object itself is an interpreter. It should be considered as an executable since it is useful to load and run GLIBC linked dynamic executables. This indicates a clear boundary between shared libraries and PIC executables just does not exist. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to file in Ubuntu. https://bugs.launchpad.net/bugs/1747711 Title: file mis-identifies modern executables as application/x-sharedlib Status in file package in Ubuntu: Confirmed Bug description: file doesn't recognize modern PIE (Position Independent Executable) x86 executables as such, reporting them as “application/x-sharedlib”. Consequently, only non-PIE executables can be opened in graphical file managers such as nautilus. This may cause a minor (?) security risk if a commonly-published workaround is attempted. Expected behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-executable Actual behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-sharedlib Workaround (unsafe?): $ echo "int main() { return 0; }" > foo.c $ gcc -o foo-nopie foo.c -no-pie $ file foo-nopie foo-nopie: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3eb8c581f43c19997e3c828f5a9730dbdc794470, not stripped $ file --mime-type foo-nopie foo-nopie: application/x-executable gcc now defaults to building with PIE enabled for security reasons. Also affects: nautilus (and likely other graphical file managers like those on Lubuntu) - because nautilus uses mime-type to determine if a file is executable, double-click to run a program no longer works. Also noted on: Gnome Bugs - https://bugzilla.gnome.org/show_bug.cgi?id=737849 (2014) - before PIE became the default build option. This may be an upstream issue. This may not affect architectures outside x86.* ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: file 1:5.32-1 ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13 Uname: Linux 4.13.0-32-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 CurrentDesktop: GNOME Date: Tue Feb 6 11:21:20 2018 InstallationDate: Installed on 2017-05-11 (270 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: file UpgradeStatus: Upgraded to artful on 2017-10-21 (108 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/file/+bug/1747711/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1747711] Re: file mis-identifies modern executables as application/x-sharedlib
>>> Yes, this is very much a bug. While ELF position independent executables are ELF shared objects, they weren't being recognized as executables by desktop launchers. So they wouldn't run. So those launchers should accept shared objects (application/x-sharedlib) as executables from now. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to file in Ubuntu. https://bugs.launchpad.net/bugs/1747711 Title: file mis-identifies modern executables as application/x-sharedlib Status in file package in Ubuntu: Confirmed Bug description: file doesn't recognize modern PIE (Position Independent Executable) x86 executables as such, reporting them as “application/x-sharedlib”. Consequently, only non-PIE executables can be opened in graphical file managers such as nautilus. This may cause a minor (?) security risk if a commonly-published workaround is attempted. Expected behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-executable Actual behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-sharedlib Workaround (unsafe?): $ echo "int main() { return 0; }" > foo.c $ gcc -o foo-nopie foo.c -no-pie $ file foo-nopie foo-nopie: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3eb8c581f43c19997e3c828f5a9730dbdc794470, not stripped $ file --mime-type foo-nopie foo-nopie: application/x-executable gcc now defaults to building with PIE enabled for security reasons. Also affects: nautilus (and likely other graphical file managers like those on Lubuntu) - because nautilus uses mime-type to determine if a file is executable, double-click to run a program no longer works. Also noted on: Gnome Bugs - https://bugzilla.gnome.org/show_bug.cgi?id=737849 (2014) - before PIE became the default build option. This may be an upstream issue. This may not affect architectures outside x86.* ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: file 1:5.32-1 ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13 Uname: Linux 4.13.0-32-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 CurrentDesktop: GNOME Date: Tue Feb 6 11:21:20 2018 InstallationDate: Installed on 2017-05-11 (270 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: file UpgradeStatus: Upgraded to artful on 2017-10-21 (108 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/file/+bug/1747711/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1747711] Re: file mis-identifies modern executables as application/x-sharedlib
Electron applications using Electron 4.0.0 beta/nightly are effected by this bug making it impossible for developers to create Linux applications and have it easily work using that version, doesn't effect applications developed Electron 3.0.6 latest but this is a seriously annoying bugs that will cause issues with Linux users and needs to be patched. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to file in Ubuntu. https://bugs.launchpad.net/bugs/1747711 Title: file mis-identifies modern executables as application/x-sharedlib Status in file package in Ubuntu: Confirmed Bug description: file doesn't recognize modern PIE (Position Independent Executable) x86 executables as such, reporting them as “application/x-sharedlib”. Consequently, only non-PIE executables can be opened in graphical file managers such as nautilus. This may cause a minor (?) security risk if a commonly-published workaround is attempted. Expected behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-executable Actual behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-sharedlib Workaround (unsafe?): $ echo "int main() { return 0; }" > foo.c $ gcc -o foo-nopie foo.c -no-pie $ file foo-nopie foo-nopie: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3eb8c581f43c19997e3c828f5a9730dbdc794470, not stripped $ file --mime-type foo-nopie foo-nopie: application/x-executable gcc now defaults to building with PIE enabled for security reasons. Also affects: nautilus (and likely other graphical file managers like those on Lubuntu) - because nautilus uses mime-type to determine if a file is executable, double-click to run a program no longer works. Also noted on: Gnome Bugs - https://bugzilla.gnome.org/show_bug.cgi?id=737849 (2014) - before PIE became the default build option. This may be an upstream issue. This may not affect architectures outside x86.* ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: file 1:5.32-1 ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13 Uname: Linux 4.13.0-32-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 CurrentDesktop: GNOME Date: Tue Feb 6 11:21:20 2018 InstallationDate: Installed on 2017-05-11 (270 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: file UpgradeStatus: Upgraded to artful on 2017-10-21 (108 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/file/+bug/1747711/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1747711] Re: file mis-identifies modern executables as application/x-sharedlib
What does "file --mime-type" return for dynamic libraries? Yes, this is very much a bug. While ELF position independent executables are ELF shared objects, they weren't being recognized as executables by desktop launchers. So they wouldn't run. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to file in Ubuntu. https://bugs.launchpad.net/bugs/1747711 Title: file mis-identifies modern executables as application/x-sharedlib Status in file package in Ubuntu: Confirmed Bug description: file doesn't recognize modern PIE (Position Independent Executable) x86 executables as such, reporting them as “application/x-sharedlib”. Consequently, only non-PIE executables can be opened in graphical file managers such as nautilus. This may cause a minor (?) security risk if a commonly-published workaround is attempted. Expected behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-executable Actual behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-sharedlib Workaround (unsafe?): $ echo "int main() { return 0; }" > foo.c $ gcc -o foo-nopie foo.c -no-pie $ file foo-nopie foo-nopie: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3eb8c581f43c19997e3c828f5a9730dbdc794470, not stripped $ file --mime-type foo-nopie foo-nopie: application/x-executable gcc now defaults to building with PIE enabled for security reasons. Also affects: nautilus (and likely other graphical file managers like those on Lubuntu) - because nautilus uses mime-type to determine if a file is executable, double-click to run a program no longer works. Also noted on: Gnome Bugs - https://bugzilla.gnome.org/show_bug.cgi?id=737849 (2014) - before PIE became the default build option. This may be an upstream issue. This may not affect architectures outside x86.* ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: file 1:5.32-1 ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13 Uname: Linux 4.13.0-32-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 CurrentDesktop: GNOME Date: Tue Feb 6 11:21:20 2018 InstallationDate: Installed on 2017-05-11 (270 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: file UpgradeStatus: Upgraded to artful on 2017-10-21 (108 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/file/+bug/1747711/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1747711] Re: file mis-identifies modern executables as application/x-sharedlib
And I don't think this is a bug because technically an ELF position independent executable IS a ELF shared object, right? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to file in Ubuntu. https://bugs.launchpad.net/bugs/1747711 Title: file mis-identifies modern executables as application/x-sharedlib Status in file package in Ubuntu: Confirmed Bug description: file doesn't recognize modern PIE (Position Independent Executable) x86 executables as such, reporting them as “application/x-sharedlib”. Consequently, only non-PIE executables can be opened in graphical file managers such as nautilus. This may cause a minor (?) security risk if a commonly-published workaround is attempted. Expected behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-executable Actual behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-sharedlib Workaround (unsafe?): $ echo "int main() { return 0; }" > foo.c $ gcc -o foo-nopie foo.c -no-pie $ file foo-nopie foo-nopie: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3eb8c581f43c19997e3c828f5a9730dbdc794470, not stripped $ file --mime-type foo-nopie foo-nopie: application/x-executable gcc now defaults to building with PIE enabled for security reasons. Also affects: nautilus (and likely other graphical file managers like those on Lubuntu) - because nautilus uses mime-type to determine if a file is executable, double-click to run a program no longer works. Also noted on: Gnome Bugs - https://bugzilla.gnome.org/show_bug.cgi?id=737849 (2014) - before PIE became the default build option. This may be an upstream issue. This may not affect architectures outside x86.* ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: file 1:5.32-1 ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13 Uname: Linux 4.13.0-32-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 CurrentDesktop: GNOME Date: Tue Feb 6 11:21:20 2018 InstallationDate: Installed on 2017-05-11 (270 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: file UpgradeStatus: Upgraded to artful on 2017-10-21 (108 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/file/+bug/1747711/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1747711] Re: file mis-identifies modern executables as application/x-sharedlib
Looks like the upstream fix makes many dynamic libraries wrongly detected as 'pie executable's. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906727 ** Bug watch added: Debian Bug tracker #906727 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906727 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to file in Ubuntu. https://bugs.launchpad.net/bugs/1747711 Title: file mis-identifies modern executables as application/x-sharedlib Status in file package in Ubuntu: Confirmed Bug description: file doesn't recognize modern PIE (Position Independent Executable) x86 executables as such, reporting them as “application/x-sharedlib”. Consequently, only non-PIE executables can be opened in graphical file managers such as nautilus. This may cause a minor (?) security risk if a commonly-published workaround is attempted. Expected behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-executable Actual behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-sharedlib Workaround (unsafe?): $ echo "int main() { return 0; }" > foo.c $ gcc -o foo-nopie foo.c -no-pie $ file foo-nopie foo-nopie: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3eb8c581f43c19997e3c828f5a9730dbdc794470, not stripped $ file --mime-type foo-nopie foo-nopie: application/x-executable gcc now defaults to building with PIE enabled for security reasons. Also affects: nautilus (and likely other graphical file managers like those on Lubuntu) - because nautilus uses mime-type to determine if a file is executable, double-click to run a program no longer works. Also noted on: Gnome Bugs - https://bugzilla.gnome.org/show_bug.cgi?id=737849 (2014) - before PIE became the default build option. This may be an upstream issue. This may not affect architectures outside x86.* ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: file 1:5.32-1 ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13 Uname: Linux 4.13.0-32-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 CurrentDesktop: GNOME Date: Tue Feb 6 11:21:20 2018 InstallationDate: Installed on 2017-05-11 (270 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: file UpgradeStatus: Upgraded to artful on 2017-10-21 (108 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/file/+bug/1747711/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1747711] Re: file mis-identifies modern executables as application/x-sharedlib
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: file (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to file in Ubuntu. https://bugs.launchpad.net/bugs/1747711 Title: file mis-identifies modern executables as application/x-sharedlib Status in file package in Ubuntu: Confirmed Bug description: file doesn't recognize modern PIE (Position Independent Executable) x86 executables as such, reporting them as “application/x-sharedlib”. Consequently, only non-PIE executables can be opened in graphical file managers such as nautilus. This may cause a minor (?) security risk if a commonly-published workaround is attempted. Expected behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-executable Actual behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-sharedlib Workaround (unsafe?): $ echo "int main() { return 0; }" > foo.c $ gcc -o foo-nopie foo.c -no-pie $ file foo-nopie foo-nopie: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3eb8c581f43c19997e3c828f5a9730dbdc794470, not stripped $ file --mime-type foo-nopie foo-nopie: application/x-executable gcc now defaults to building with PIE enabled for security reasons. Also affects: nautilus (and likely other graphical file managers like those on Lubuntu) - because nautilus uses mime-type to determine if a file is executable, double-click to run a program no longer works. Also noted on: Gnome Bugs - https://bugzilla.gnome.org/show_bug.cgi?id=737849 (2014) - before PIE became the default build option. This may be an upstream issue. This may not affect architectures outside x86.* ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: file 1:5.32-1 ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13 Uname: Linux 4.13.0-32-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 CurrentDesktop: GNOME Date: Tue Feb 6 11:21:20 2018 InstallationDate: Installed on 2017-05-11 (270 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: file UpgradeStatus: Upgraded to artful on 2017-10-21 (108 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/file/+bug/1747711/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1747711] Re: file mis-identifies modern executables as application/x-sharedlib
Has this been fixed upstream? Looking at the changelog, there has been a related change, but I'm not sure if it resolves the issue yet, it now says they're both executables. https://github.com/file/file/blob/219846094c7593e27453e62855e61181089c48cf/ChangeLog file 5.3.3: python3.6: ELF 64-bit LSB pie executable x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.4.0, with debug_info, not stripped libpython3.6m.so.1.0: ELF 64-bit LSB pie executable x86-64, version 1 (SYSV), dynamically linked, with debug_info, not stripped file 5.3.2: python3.6: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.4.0, with debug_info, not stripped libpython3.6m.so.1.0: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, with debug_info, not stripped -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to file in Ubuntu. https://bugs.launchpad.net/bugs/1747711 Title: file mis-identifies modern executables as application/x-sharedlib Status in file package in Ubuntu: Confirmed Bug description: file doesn't recognize modern PIE (Position Independent Executable) x86 executables as such, reporting them as “application/x-sharedlib”. Consequently, only non-PIE executables can be opened in graphical file managers such as nautilus. This may cause a minor (?) security risk if a commonly-published workaround is attempted. Expected behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-executable Actual behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-sharedlib Workaround (unsafe?): $ echo "int main() { return 0; }" > foo.c $ gcc -o foo-nopie foo.c -no-pie $ file foo-nopie foo-nopie: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3eb8c581f43c19997e3c828f5a9730dbdc794470, not stripped $ file --mime-type foo-nopie foo-nopie: application/x-executable gcc now defaults to building with PIE enabled for security reasons. Also affects: nautilus (and likely other graphical file managers like those on Lubuntu) - because nautilus uses mime-type to determine if a file is executable, double-click to run a program no longer works. Also noted on: Gnome Bugs - https://bugzilla.gnome.org/show_bug.cgi?id=737849 (2014) - before PIE became the default build option. This may be an upstream issue. This may not affect architectures outside x86.* ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: file 1:5.32-1 ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13 Uname: Linux 4.13.0-32-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 CurrentDesktop: GNOME Date: Tue Feb 6 11:21:20 2018 InstallationDate: Installed on 2017-05-11 (270 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: file UpgradeStatus: Upgraded to artful on 2017-10-21 (108 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/file/+bug/1747711/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1747711] Re: file mis-identifies modern executables as application/x-sharedlib
** Tags removed: rls-bb-incoming ** Tags added: rls-bb-notfixing -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to file in Ubuntu. https://bugs.launchpad.net/bugs/1747711 Title: file mis-identifies modern executables as application/x-sharedlib Status in file package in Ubuntu: New Bug description: file doesn't recognize modern PIE (Position Independent Executable) x86 executables as such, reporting them as “application/x-sharedlib”. Consequently, only non-PIE executables can be opened in graphical file managers such as nautilus. This may cause a minor (?) security risk if a commonly-published workaround is attempted. Expected behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-executable Actual behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-sharedlib Workaround (unsafe?): $ echo "int main() { return 0; }" > foo.c $ gcc -o foo-nopie foo.c -no-pie $ file foo-nopie foo-nopie: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3eb8c581f43c19997e3c828f5a9730dbdc794470, not stripped $ file --mime-type foo-nopie foo-nopie: application/x-executable gcc now defaults to building with PIE enabled for security reasons. Also affects: nautilus (and likely other graphical file managers like those on Lubuntu) - because nautilus uses mime-type to determine if a file is executable, double-click to run a program no longer works. Also noted on: Gnome Bugs - https://bugzilla.gnome.org/show_bug.cgi?id=737849 (2014) - before PIE became the default build option. This may be an upstream issue. This may not affect architectures outside x86.* ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: file 1:5.32-1 ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13 Uname: Linux 4.13.0-32-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 CurrentDesktop: GNOME Date: Tue Feb 6 11:21:20 2018 InstallationDate: Installed on 2017-05-11 (270 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: file UpgradeStatus: Upgraded to artful on 2017-10-21 (108 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/file/+bug/1747711/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1747711] Re: file mis-identifies modern executables as application/x-sharedlib
** Tags added: rls-bb-incoming -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to file in Ubuntu. https://bugs.launchpad.net/bugs/1747711 Title: file mis-identifies modern executables as application/x-sharedlib Status in file package in Ubuntu: New Bug description: file doesn't recognize modern PIE (Position Independent Executable) x86 executables as such, reporting them as “application/x-sharedlib”. Consequently, only non-PIE executables can be opened in graphical file managers such as nautilus. This may cause a minor (?) security risk if a commonly-published workaround is attempted. Expected behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-executable Actual behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-sharedlib Workaround (unsafe?): $ echo "int main() { return 0; }" > foo.c $ gcc -o foo-nopie foo.c -no-pie $ file foo-nopie foo-nopie: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3eb8c581f43c19997e3c828f5a9730dbdc794470, not stripped $ file --mime-type foo-nopie foo-nopie: application/x-executable gcc now defaults to building with PIE enabled for security reasons. Also affects: nautilus (and likely other graphical file managers like those on Lubuntu) - because nautilus uses mime-type to determine if a file is executable, double-click to run a program no longer works. Also noted on: Gnome Bugs - https://bugzilla.gnome.org/show_bug.cgi?id=737849 (2014) - before PIE became the default build option. This may be an upstream issue. This may not affect architectures outside x86.* ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: file 1:5.32-1 ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13 Uname: Linux 4.13.0-32-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 CurrentDesktop: GNOME Date: Tue Feb 6 11:21:20 2018 InstallationDate: Installed on 2017-05-11 (270 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: file UpgradeStatus: Upgraded to artful on 2017-10-21 (108 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/file/+bug/1747711/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1747711] Re: file mis-identifies modern executables as application/x-sharedlib
I've had a discussion with Christos Zoulas, the root maintainer of ‘file’, and they will make the necessary changes in due course. Whether this will be noticed by all the forks and re-implementations such as xdgmime in Gnome, I don't know. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to file in Ubuntu. https://bugs.launchpad.net/bugs/1747711 Title: file mis-identifies modern executables as application/x-sharedlib Status in file package in Ubuntu: New Bug description: file doesn't recognize modern PIE (Position Independent Executable) x86 executables as such, reporting them as “application/x-sharedlib”. Consequently, only non-PIE executables can be opened in graphical file managers such as nautilus. This may cause a minor (?) security risk if a commonly-published workaround is attempted. Expected behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-executable Actual behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-sharedlib Workaround (unsafe?): $ echo "int main() { return 0; }" > foo.c $ gcc -o foo-nopie foo.c -no-pie $ file foo-nopie foo-nopie: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3eb8c581f43c19997e3c828f5a9730dbdc794470, not stripped $ file --mime-type foo-nopie foo-nopie: application/x-executable gcc now defaults to building with PIE enabled for security reasons. Also affects: nautilus (and likely other graphical file managers like those on Lubuntu) - because nautilus uses mime-type to determine if a file is executable, double-click to run a program no longer works. Also noted on: Gnome Bugs - https://bugzilla.gnome.org/show_bug.cgi?id=737849 (2014) - before PIE became the default build option. This may be an upstream issue. This may not affect architectures outside x86.* ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: file 1:5.32-1 ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13 Uname: Linux 4.13.0-32-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 CurrentDesktop: GNOME Date: Tue Feb 6 11:21:20 2018 InstallationDate: Installed on 2017-05-11 (270 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: file UpgradeStatus: Upgraded to artful on 2017-10-21 (108 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/file/+bug/1747711/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1747711] Re: file mis-identifies modern executables as application/x-sharedlib
This is (sort of) a bug in file. The problem is not being able to distinguish between shared objects and PIE binaries. (The latter have INTERP ELF sections and can be run directly.) $ readelf -l /bin/true ... Elf file type is EXEC (Executable file) ... INTERP 0x0238 0x00400238 0x00400238 0x001c 0x001c R 1 [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2] ... $ readelf -l /usr/lib/x86_64-linux-gnu/libmagic.so.1.0.0 ... Elf file type is DYN (Shared object file) ...[no INTERP]... $ readelf -l /usr/bin/ssh ... Elf file type is DYN (Shared object file) ... INTERP 0x0238 0x0238 0x0238 0x001c 0x001c R 1 [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2] So for mime types to distinguish, "file" needs to grow reporting of the INTERP presence. This has become an issue in bionic due to PIE-by-default. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to file in Ubuntu. https://bugs.launchpad.net/bugs/1747711 Title: file mis-identifies modern executables as application/x-sharedlib Status in file package in Ubuntu: New Bug description: file doesn't recognize modern PIE (Position Independent Executable) x86 executables as such, reporting them as “application/x-sharedlib”. Consequently, only non-PIE executables can be opened in graphical file managers such as nautilus. This may cause a minor (?) security risk if a commonly-published workaround is attempted. Expected behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-executable Actual behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-sharedlib Workaround (unsafe?): $ echo "int main() { return 0; }" > foo.c $ gcc -o foo-nopie foo.c -no-pie $ file foo-nopie foo-nopie: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3eb8c581f43c19997e3c828f5a9730dbdc794470, not stripped $ file --mime-type foo-nopie foo-nopie: application/x-executable gcc now defaults to building with PIE enabled for security reasons. Also affects: nautilus (and likely other graphical file managers like those on Lubuntu) - because nautilus uses mime-type to determine if a file is executable, double-click to run a program no longer works. Also noted on: Gnome Bugs - https://bugzilla.gnome.org/show_bug.cgi?id=737849 (2014) - before PIE became the default build option. This may be an upstream issue. This may not affect architectures outside x86.* ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: file 1:5.32-1 ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13 Uname: Linux 4.13.0-32-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 CurrentDesktop: GNOME Date: Tue Feb 6 11:21:20 2018 InstallationDate: Installed on 2017-05-11 (270 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: file UpgradeStatus: Upgraded to artful on 2017-10-21 (108 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/file/+bug/1747711/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1747711] Re: file mis-identifies modern executables as application/x-sharedlib
It is also an issue on bionic: $ schroot -u root -c bionic-amd64 (bionic-amd64)root@impulse:/tmp# echo "int main() { return 0; }" > foo.c (bionic-amd64)root@impulse:/tmp# gcc -o foo foo.c (bionic-amd64)root@impulse:/tmp# file foo foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=5222fe7f5f12ee8d286b84f93c981cab98ad382a, not stripped But not on xenial: $ schroot -u root -c xenial-amd64 (xenial-amd64)root@impulse:/tmp# echo "int main() { return 0; }" > foo.c (xenial-amd64)root@impulse:/tmp# gcc -o foo foo.c (xenial-amd64)root@impulse:/tmp# file foo foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=5a079b5be569b3e0527b9685f1c7811fb193d37c, not stripped Using gcc from xenial and file from bionic though the file is identified as an executable so I don't think its file. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to file in Ubuntu. https://bugs.launchpad.net/bugs/1747711 Title: file mis-identifies modern executables as application/x-sharedlib Status in file package in Ubuntu: New Bug description: file doesn't recognize modern PIE (Position Independent Executable) x86 executables as such, reporting them as “application/x-sharedlib”. Consequently, only non-PIE executables can be opened in graphical file managers such as nautilus. This may cause a minor (?) security risk if a commonly-published workaround is attempted. Expected behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-executable Actual behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-sharedlib Workaround (unsafe?): $ echo "int main() { return 0; }" > foo.c $ gcc -o foo-nopie foo.c -no-pie $ file foo-nopie foo-nopie: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3eb8c581f43c19997e3c828f5a9730dbdc794470, not stripped $ file --mime-type foo-nopie foo-nopie: application/x-executable gcc now defaults to building with PIE enabled for security reasons. Also affects: nautilus (and likely other graphical file managers like those on Lubuntu) - because nautilus uses mime-type to determine if a file is executable, double-click to run a program no longer works. Also noted on: Gnome Bugs - https://bugzilla.gnome.org/show_bug.cgi?id=737849 (2014) - before PIE became the default build option. This may be an upstream issue. This may not affect architectures outside x86.* ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: file 1:5.32-1 ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13 Uname: Linux 4.13.0-32-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 CurrentDesktop: GNOME Date: Tue Feb 6 11:21:20 2018 InstallationDate: Installed on 2017-05-11 (270 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: file UpgradeStatus: Upgraded to artful on 2017-10-21 (108 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/file/+bug/1747711/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1747711] Re: file mis-identifies modern executables as application/x-sharedlib
** Tags added: bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to file in Ubuntu. https://bugs.launchpad.net/bugs/1747711 Title: file mis-identifies modern executables as application/x-sharedlib Status in file package in Ubuntu: New Bug description: file doesn't recognize modern PIE (Position Independent Executable) x86 executables as such, reporting them as “application/x-sharedlib”. Consequently, only non-PIE executables can be opened in graphical file managers such as nautilus. This may cause a minor (?) security risk if a commonly-published workaround is attempted. Expected behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-executable Actual behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-sharedlib Workaround (unsafe?): $ echo "int main() { return 0; }" > foo.c $ gcc -o foo-nopie foo.c -no-pie $ file foo-nopie foo-nopie: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3eb8c581f43c19997e3c828f5a9730dbdc794470, not stripped $ file --mime-type foo-nopie foo-nopie: application/x-executable gcc now defaults to building with PIE enabled for security reasons. Also affects: nautilus (and likely other graphical file managers like those on Lubuntu) - because nautilus uses mime-type to determine if a file is executable, double-click to run a program no longer works. Also noted on: Gnome Bugs - https://bugzilla.gnome.org/show_bug.cgi?id=737849 (2014) - before PIE became the default build option. This may be an upstream issue. This may not affect architectures outside x86.* ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: file 1:5.32-1 ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13 Uname: Linux 4.13.0-32-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 CurrentDesktop: GNOME Date: Tue Feb 6 11:21:20 2018 InstallationDate: Installed on 2017-05-11 (270 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: file UpgradeStatus: Upgraded to artful on 2017-10-21 (108 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/file/+bug/1747711/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1747711] Re: file mis-identifies modern executables as application/x-sharedlib
** Information type changed from Private Security to Public Security ** Description changed: file doesn't recognize modern PIE (Position Independent Executable) x86 executables as such, reporting them as “application/x-sharedlib”. Consequently, only non-PIE executables can be opened in graphical file managers such as nautilus. This may cause a minor (?) security risk if a commonly-published workaround is attempted. Expected behaviour: - $ echo "int main() { return 0; }" > foo.c - $ gcc -o foo foo.c - $ file foo - foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped - $ file --mime-type foo - foo: application/x-executable + $ echo "int main() { return 0; }" > foo.c + $ gcc -o foo foo.c + $ file foo + foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped + $ file --mime-type foo + foo: application/x-executable Actual behaviour: - $ echo "int main() { return 0; }" > foo.c - $ gcc -o foo foo.c - $ file foo - foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped - $ file --mime-type foo - foo: application/x-sharedlib + $ echo "int main() { return 0; }" > foo.c + $ gcc -o foo foo.c + $ file foo + foo: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped + $ file --mime-type foo + foo: application/x-sharedlib Workaround (unsafe?): - $ echo "int main() { return 0; }" > foo.c - $ gcc -o foo-nopie foo.c -no-pie - $ file foo-nopie - foo-nopie: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3eb8c581f43c19997e3c828f5a9730dbdc794470, not stripped - $ file --mime-type foo-nopie - foo-nopie: application/x-executable + $ echo "int main() { return 0; }" > foo.c + $ gcc -o foo-nopie foo.c -no-pie + $ file foo-nopie + foo-nopie: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=3eb8c581f43c19997e3c828f5a9730dbdc794470, not stripped + $ file --mime-type foo-nopie + foo-nopie: application/x-executable gcc now defaults to building with PIE enabled for security reasons. Also affects: nautilus (and likely other graphical file managers like those on Lubuntu) - because nautilus uses mime-type to determine if a file is executable, double-click to run a program no longer works. Also noted on: Gnome Bugs - https://bugzilla.gnome.org/show_bug.cgi?id=737849 (2014) - before PIE became the default build option. This may be an upstream issue. This may not affect architectures outside x86.* ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: file 1:5.32-1 ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13 Uname: Linux 4.13.0-32-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 CurrentDesktop: GNOME Date: Tue Feb 6 11:21:20 2018 InstallationDate: Installed on 2017-05-11 (270 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: file UpgradeStatus: Upgraded to artful on 2017-10-21 (108 days ago) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to file in Ubuntu. https://bugs.launchpad.net/bugs/1747711 Title: file mis-identifies modern executables as application/x-sharedlib Status in file package in Ubuntu: New Bug description: file doesn't recognize modern PIE (Position Independent Executable) x86 executables as such, reporting them as “application/x-sharedlib”. Consequently, only non-PIE executables can be opened in graphical file managers such as nautilus. This may cause a minor (?) security risk if a commonly-published workaround is attempted. Expected behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo foo.c $ file foo foo: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6e7749f995a89a53f74ec29d3c16fcf3f56be90f, not stripped $ file --mime-type foo foo: application/x-executable Actual behaviour: $ echo "int main() { return 0; }" > foo.c $ gcc -o foo