On Wed, Sep 29, 2021 at 3:41 PM Miro Hrončok <mhron...@redhat.com> wrote: > > On 29. 09. 21 14:48, Fabio Valentini wrote: > > On Wed, Sep 29, 2021 at 1:53 PM Miro Hrončok <mhron...@redhat.com> wrote: > >> > >> On 25. 09. 21 11:12, Fabio Valentini wrote: > >>> So, if I understand correctly, the problem is that right now there's > >>> no *existing* tool that reliably detects if a given "executable" (has > >>> mode +x) is an actual executable "script" with a valid shebang? > >> > >> - We need to detect "scripts" that are executable but have no shebnag. > >> - We need to detect "scripts" that are executable and have a shebnag to > >> mangle. > >> - We might want to detect binary files that are executable but shouldn't be > >> (such as images), but this was not the original purpose of the BRP > >> script. > > > > If I gave you a program /usr/bin/isexec that determines if a file is a > > valid executable, i.e. > > - ELF binary with ELF header / magic number, > > - PE binary with MZ magic number, > > - script with shebang line (whether in need of mangling or not), > > would that help? > > > > (I.e. something like this POC: https://github.com/ironthree/isexec ?) > > I am not sure I want to throw in a one-man-maintained rust program into the > mixture. This could open can of worms, e.g.: > > - bus factor = 1 > - RHEL maintainer wiling to maintain this in RHEL 10 = 0 > - no "full" architecture support > - (possibly?) larger dependency chain just to build this > > But even ignoring this, we still need to detect "scripts without shebangs".
I was not suggesting that we actually take this and use it. I was just trying to demonstrate that solving different subsets of the problem should be easy to do. But to me the problem you're trying to solve in this thread is very fuzzy and not well-defined, so I'm not sure if a single existing tool will just be able to solve it. So why not split the problem into smaller parts, and use the best available tool to solve *those individial tasks*, instead of looking for a "one size-hits-all hammer"? (PS: "script without shebangs" would be rejected as "invalid executable" too by my POC, because the file contents would not match any heuristic. As would executable PNG files, etc.) Fabio _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
