Skip Menu |
 

This queue is for tickets about the File-MMagic CPAN distribution.

Report information
The Basics
Id: 23737
Status: new
Priority: 0/
Queue: File-MMagic

People
Owner: Nobody in particular
Requestors: ben [...] qolc.net
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 1.27
Fixed in: (no value)



Subject: Deciding file type based on file permissions considered harmful
Download (untitled) / with headers
text/plain 1.3k
This is related to #16076 but is a more general issue. MMagic.pm v1.27 line 547-563: # 2) check for script if (-x $file && -T _) { # Note, some magic files include elaborate attempts # to match #! header lines and return pretty responses # but this slows down matching and is unnecessary. my $line1 = <$fh>; if ($line1 =~ /^\#!\s*(\S+)/) { $desc .= " executable $1 script text"; } else { $desc .= " commands text"; } $fh->close(); return "x-system/x-unix; $desc"; } This produces invalid results depending on whether a file has or has not execute permission set. Because this test happens *before* any real magic tests, any "text-like" file (according to Perl's -T) which is executable is returned as "commands text", even if it is actually a PDF for example. The test should be reduced to checking for a shebang line ONLY. If it finds one, it can then test -x and add the word "executable", but the generic fallback of just "commands text" is just plain wrong. There is an argument that the test as a whole is unnecessary because magic already tests for this, and in a more correct way. For example this test will identify a shar archive (if executable) as a /bin/sh script which, while technically correct, is less information than would be returned by magic.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.