View Issue Details

ID: 0000592
Project: file
Category: general
View Status: public
Last Update: 2017-02-01 12:41
Assigned To: Christos Zoulas
Priority: normal
Severity: feature
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version:
Target Version:
Fixed in Version:
Summary: 0000592: secure use
Description: When analysing malicious files, or rather finding out their mime-types, is it safe to use file for this task?

Are there any options to use that would reduce the risk of specially crafted files triggering vulnerabilities in file?
The main use of file for me is to find out if something is text or binary. Is there any safer alternative?




Christos Zoulas (manager), 2017-02-01 12:41, note ~0001472

For telling if a file is ASCII or binary you can use a program that reads each character of the file and &s it with 0x80. The first one you find will be non-ASCII. In reality, with i18n text this has become more complex to do, but you can still use other tools to do it, which might be simpler and safer.
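
An added example (not code from the file project or from the note's author) of the byte test the note describes, extended to the i18n case it mentions: bytes with the high bit clear are ASCII, and bytes with it set are accepted only as well-formed UTF-8. The names `scan_feed`, `scan_end` and `classify`, and the choice to treat control bytes other than tab, LF and CR as binary, are assumptions of this example.

```c
#include <stdio.h>

enum kind { K_ASCII, K_UTF8, K_BINARY };
struct scan { enum kind kind; int need; unsigned long cp, min; };

/* Feed the next chunk. Mask tests only: no file format is ever parsed. */
void scan_feed(struct scan *s, const unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n && s->kind != K_BINARY; i++) {
        unsigned char c = p[i];
        if (s->need) {                      /* inside a multi-byte sequence */
            if ((c & 0xC0) != 0x80) { s->kind = K_BINARY; break; }
            s->cp = (s->cp << 6) | (c & 0x3F);
            /* reject overlong forms, surrogates and values past U+10FFFF */
            if (--s->need == 0 && (s->cp < s->min || s->cp > 0x10FFFF ||
                                   (s->cp >= 0xD800 && s->cp <= 0xDFFF)))
                s->kind = K_BINARY;
        } else if (!(c & 0x80)) {           /* the 0x80 test: 7-bit ASCII */
            /* policy assumed here: controls other than \t \n \r are binary */
            if ((c < 0x20 && c != '\t' && c != '\n' && c != '\r') || c == 0x7F)
                s->kind = K_BINARY;
        } else {                            /* high bit set: UTF-8 lead byte? */
            if ((c & 0xE0) == 0xC0)      { s->need = 1; s->cp = c & 0x1F; s->min = 0x80; }
            else if ((c & 0xF0) == 0xE0) { s->need = 2; s->cp = c & 0x0F; s->min = 0x800; }
            else if ((c & 0xF8) == 0xF0) { s->need = 3; s->cp = c & 0x07; s->min = 0x10000; }
            else { s->kind = K_BINARY; break; }
            s->kind = K_UTF8;
        }
    }
}

/* End of input: a sequence left unfinished also counts as binary. */
enum kind scan_end(const struct scan *s) { return s->need ? K_BINARY : s->kind; }
enum kind classify(const unsigned char *p, size_t n)  /* one whole buffer */
{
    struct scan s = { K_ASCII, 0, 0, 0 };
    scan_feed(&s, p, n);
    return scan_end(&s);
}

int main(void)
{
    static const char *name[] = { "ascii", "utf-8", "binary" };
    unsigned char buf[4096];
    struct scan s = { K_ASCII, 0, 0, 0 };
    for (size_t n; s.kind != K_BINARY && (n = fread(buf, 1, sizeof buf, stdin)) > 0; )
        scan_feed(&s, buf, n);
    puts(name[scan_end(&s)]);
    return 0;
}
```

The program reads standard input in 4 KiB chunks and stops at the first byte that rules out text, so a sequence split across two reads is still validated correctly.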

Issue History

Date Modified Username Field Change
2017-01-31 20:09 ffdir New Issue
2017-01-31 20:09 ffdir Tag Attached: security
2017-02-01 12:39 Christos Zoulas Assigned To => Christos Zoulas
2017-02-01 12:39 Christos Zoulas Status new => assigned
2017-02-01 12:41 Christos Zoulas Status assigned => resolved
2017-02-01 12:41 Christos Zoulas Resolution open => fixed
2017-02-01 12:41 Christos Zoulas Note Added: 0001472