| Subject: | Deciding file type based on file permissions considered harmful |
This is related to #16076 but is a more general issue.
MMagic.pm v1.27 line 547-563:
# 2) check for script
if (-x $file && -T _) {
# Note, some magic files include elaborate attempts
# to match #! header lines and return pretty responses
# but this slows down matching and is unnecessary.
my $line1 = <$fh>;
if ($line1 =~ /^\#!\s*(\S+)/) {
$desc .= " executable $1 script text";
}
else { $desc .= " commands text"; }
$fh->close();
return "x-system/x-unix; $desc";
}
This produces invalid results depending on whether a file has or has not
execute permission set. Because this test happens *before* any real
magic tests, any "text-like" file (according to Perl's -T) which is
executable is returned as "commands text", even if it is actually a PDF
for example.
The test should be reduced to checking for a shebang line ONLY. If it
finds one, it can then test -x and add the word "executable", but the
generic fallback of just "commands text" is just plain wrong.
There is an argument that the test as a whole is unnecessary because
magic already tests for this, and in a more correct way. For example
this test will identify a shar archive (if executable) as a /bin/sh
script which, while technically correct, is less information than would
be returned by magic.