Today's article covers the 'file' command...

KGIII

So, I searched and searched. I thought I'd covered this before, but I couldn't find it anywhere. The search terms are just too generic and there are hundreds of articles to otherwise weed through. Well, it turns out that I have covered it before - quite a while ago. Ah well... If folks expected perfection, they'd probably not be online (or sorely disappointed).


Ah well... On a positive note, we have people who probably weren't around for the first one.
 


Linux pretty much treats everything like a file, pretty much. Files also contain a ‘magic number’ – which is why you can rename an mp3 file as a gif file and it’ll still open in your media player. Basically, the magic number is the opening two bytes of a file that tell your system what kind of file you should be expecting.

Not all files are organized in this way, and it should not be a "template". It should not be the only way to identify a file since it could be exploited by somebody who writes bad software to harm others. Is this true for Linux executable? Because I notice "ELF" near the beginning of such a file. A long time ago I discovered an MS-DOS/Windows EXE file could always be identified with "MZ" at the start, after the "founder" of the format. Also "PK" for a ZIP file. However, for a WAV and many other kinds of file types not necessarily related to each other, the very beginning of a file is "RIFF", so it needs to pick up the first four bytes rather than two. This was just a thought to react to the quotation. Otherwise good article. (thumbs up)
 
It should not be the only way to identify a file since it could be exploited by somebody who writes bad software to harm others. Is this true for Linux executable?

There are all sorts of files that can have the executable bit set, including .sh files (for example). It's also not the only way, the software you use would then have to recognize it.

If you use the example in the article and change the extension to .gif, you will not fool the file command. If you try to open it, your system may try to open it with the same software it'd use for real image files. It'll toss an error at that point.

This is also why you can have 'foo' instead of 'foo.txt' and still have foo open as a plain text document.

since it could be exploited by somebody who writes bad software

I've pondered similar and really don't think it's going to be much of an issue with an attentive user. At least not by itself. It wouldn't automatically set the executable bit (for example). You'd have to do that on your own. If it was packaged with some sort of exploit, it might get interesting - but, again, an attentive user would notice when you open up a file that's supposed to be a media file only to have it ask for your password.

And, sadly, not everyone conforms to the standards - and there are often competing standards. Welcome to reality. There will always be outliers.

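The signatures mentioned in the posts above ("ELF", "MZ", "PK", "RIFF") can be checked against a file's extension to flag a renamed file. This is an added example, not code from the thread or from the `file` command, which uses a far larger magic database; the signature table, the extension sets and the function names are a small constructed subset chosen for illustration.

```python
import os
import tempfile

# (signature at offset 0, label, extensions normally used for that type)
SIGNATURES = [
    (b"\x7fELF", "ELF executable", {".so", ".o", ".bin"}),
    (b"MZ", "DOS/Windows executable", {".exe", ".dll"}),
    (b"PK\x03\x04", "ZIP archive", {".zip", ".jar", ".docx", ".odt"}),
    (b"GIF87a", "GIF image", {".gif"}),
    (b"GIF89a", "GIF image", {".gif"}),
    (b"ID3", "MP3 audio (ID3v2 tag)", {".mp3"}),
]
# RIFF is a container: bytes 0-3 are "RIFF", bytes 8-11 name the real format.
RIFF_FORMS = {
    b"WAVE": ("WAV audio", {".wav"}),
    b"AVI ": ("AVI video", {".avi"}),
    b"WEBP": ("WebP image", {".webp"}),
}

def sniff(header):
    """Return (label, expected_extensions) for the leading bytes, or None."""
    if header[:4] == b"RIFF" and len(header) >= 12:
        return RIFF_FORMS.get(header[8:12], ("RIFF container (unknown form)", set()))
    for sig, label, exts in SIGNATURES:
        if header.startswith(sig):  # signatures differ in length: 2 to 6 bytes
            return label, exts
    return None

def check(path):
    """Return (label, extension, mismatch) for one file on disk."""
    with open(path, "rb") as fh:
        header = fh.read(16)
    ext = os.path.splitext(path)[1].lower()
    hit = sniff(header)
    if hit is None:
        return ("unknown", ext, False)
    label, exts = hit
    # A file with no extension (plain 'foo') is not treated as a mismatch.
    return (label, ext, bool(ext) and ext not in exts)

def demo():
    """Constructed sample: an ID3-tagged MP3 header saved under a .gif name."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "song.gif")
        with open(path, "wb") as fh:
            fh.write(b"ID3\x04\x00\x00\x00\x00\x00\x00" + b"\x00" * 32)
        return check(path)

if __name__ == "__main__":
    print(demo())
```

A mismatch only says the name and the content disagree; whether anything can run the file still depends on the executable bit and on the program that opens it.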
 
I have two comments:

1. The "file" command:
Dang! When was the last time I used the file command? Back in the 1990s? The 1980s? The first thing I did was try it on a bunch of "tricky" files, and was impressed with the results. Nice, useful tool. Great hint. Thanks for sharing!

2. Most Linux Tips apply to Mac, too:
Most of the Linux Tips that @KGIII shares also apply to Terminal commands on Mac. (Macs run a type of Unix, which has many similarities to Linux.) Usually the same commands and same tips apply verbatim to Mac. Occasionally a common command will be slightly different. It may not include the same options or work in exactly the same way on both platforms. Be aware. In general, most commands work the same on both platforms.

FYI: Since 2019, the default Terminal shell on Mac has been zsh. The Terminal on older Macs defaults to bash.
 
The Terminal on older Macs defaults to bash.

When specific, I default to Bash. It's not quite universal, but it's definitely the default in the majority of the distros I've played with over the years. Much of what I share will work in all the Unix-like operating systems, from MacOS to Minix.

Nice, useful tool. Great hint. Thanks for sharing!

Yup. The command is still as viable today. It's also pretty hard to fool it (from my testing). Glad ya liked it.
 
