
Re: how execute a script



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Nov 17, 2015 at 05:17:46PM -0500, shawn wilson wrote:

[...]

> > Got it. But magic *can* do many of those things. A headless shell
> > script is a tough nut to crack, though: "echo" could occur as well
> > in a Tcl script (via Tcl's crazy but genius "unknown" mechanism).
> >
> 
> You're right - just "script" then. I'm not dissing magic - it's a good
> starting point in forensics or to see what's in a bin directory, but
> shouldn't be relied on (also see ftimes xmagic for a more featureful
> magic implementation w/e sf comes back up).
> 
> My point is that you can't determine what you're looking at w/o being
> told (an extension)

Here we agree (up to your parens): the shebang[1] is just another way
of being told (just sticking a shebang in front of a file doesn't
guarantee that the invoked interpreter will be able to make heads or
tails of it). So in both cases it's just metadata (which always can
lie). What I'm trying to say is that stuffing the metadata in the file
itself is more robust than stuffing it in the file name (which never
was designed for that, at least not in Unix).

Current usage and conventions are a mixture of both.

>                     or looking at it. So (my original point) you lose
> data by removing/not having an extension.

still: less metadata into the file name and more into the file itself
reduces long-term pain.

[1] Or the 0x7F 'ELF', or the 0xFF 0xD8 <mumble mumble> 'JFIF' or whatever
   at the start of a file. All of 'em stating: "this is a JPEG, promised".
   If you really want to find out whether something is really a C file,
   you'd have to throw the C compiler at it. You find yourself quickly
   wrangling with Turing completeness, i.e. with decidability :-)

   And what's this (yes, I meet such things at $WORK):

   #!/bin/sh
   # Dont touch first 3 lines of this file \
   : ${TCL_DEBUG="-n"}; exec TclSh ${TCL_DEBUG:+"$TCL_DEBUG"} "$0" ${1+"$@"}

   Yes, a Polyglot. It's Tcl and shell. So... all metadata. In the file name
   or in the file itself.

- -- t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlZMKW8ACgkQBcgs9XrR2kbmwwCeNQJxfRkO4UoaEW6a5W5aC78Q
GisAn0yROlZTbWdyLn+T7EsG6i7CSHfs
=1B0u
-----END PGP SIGNATURE-----
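
Added example, not part of the original message: a small Python audit that reads the claims discussed above (file name extension, leading magic bytes or shebang, and the sh-to-Tcl re-exec trick from the footnote) and reports where they contradict each other. The extension table, the function names and the sample ELF bytes are assumptions made for this illustration.

```python
import os

# Leading-byte signatures named in the message's footnote.
MAGIC = [(b"\x7fELF", "elf"), (b"\xff\xd8", "jpeg")]
# Assumed table for this example: content claims each extension is consistent with.
EXT = {".sh": {"sh", "bash", "dash"}, ".tcl": {"tclsh"}, ".jpg": {"jpeg"}}
# The three lines quoted in the message, as bytes.
POLYGLOT = (b'#!/bin/sh\n'
            b'# Dont touch first 3 lines of this file \\\n'
            b': ${TCL_DEBUG="-n"}; exec TclSh ${TCL_DEBUG:+"$TCL_DEBUG"} "$0" ${1+"$@"}\n')

def content_claim(data):
    """What the first bytes claim: a magic-number type or the shebang interpreter."""
    for sig, kind in MAGIC:
        if data.startswith(sig):
            return kind
    if data.startswith(b"#!"):
        words = data[2:].split(b"\n", 1)[0].decode("latin-1").split()
        if not words:
            return None
        # "#!/usr/bin/env python3" names the interpreter in the second word.
        if os.path.basename(words[0]) == "env" and len(words) > 1:
            return words[1]
        return os.path.basename(words[0])
    return None

def reexec_target(data):
    """Interpreter a script hands itself to with exec ... "$0", if any."""
    lines = data.decode("latin-1").split("\n")
    for prev, line in zip(lines, lines[1:]):
        # Tcl continues a comment across a trailing backslash, sh does not, so
        # only sh runs the line after it.
        hidden = prev.lstrip().startswith("#") and prev.rstrip().endswith("\\")
        if hidden and "exec " in line and '"$0"' in line:
            return line.split("exec ", 1)[1].split()[0]
    return None

def audit(filename, data):
    """Collect every claim and name the pairs that contradict each other."""
    content, target = content_claim(data), reexec_target(data)
    allowed = EXT.get(os.path.splitext(filename)[1].lower())
    problems = []
    if allowed and content and content not in allowed:
        problems.append("name vs content")
    if target and target.lower() != content:
        problems.append("shebang vs re-exec")
    return {"content": content, "reexec": target, "problems": problems}

if __name__ == "__main__":
    print(audit("job.sh", POLYGLOT))
    print(audit("photo.jpg", b"\x7fELF\x02\x01\x01"))  # constructed sample bytes
```

For the polyglot, the name and the shebang agree with each other and both miss the interpreter that ends up running the file, which is the "all metadata" point of the footnote.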

