Hi Roberto,

Thank you, and your last comment made me chuckle.

Working with unknown executables is part and parcel of what we do. If we can automatically identify them, which we often can, that is the real time saver. My guess is that we will have to take our list of ‘unknowns’ and compare it to the list of Busybox packages and see what we can tie together. More painful than the os-release way, but I understand what Busybox is about. I was just keeping my fingers crossed!

Kind regards,

Nigel Hopper
Security Consultant: Cybersecurity Assessment & Response Services
Open Source Software Auditor
Advisory Software Engineer
QSE Development Top Gun

My working week is Tuesday to Friday.

Phone: Office +44 (0) 1962815065
Phone: Mobile +44 (0) 7772 808235
E-mail: [email protected]

Security and Legal Scanning Services
IBM UK Ltd, Mail Point 168, Hursley Park, Winchester, Hampshire SO21 2JN

"One person with a belief is equal to a force of ninety-nine who only have interest."
"What distinguishes the majority of men from the few is their inability to act according to their beliefs."
- John Stewart Mill 1806–1873

IBM United Kingdom Limited
Registered in England and Wales with number 741598
Registered office: Building C, IBM Hursley Office, Hursley Park Road, Winchester, Hampshire SO21 2JN

From: Roberto A. Foglietta <[email protected]>
Date: Wednesday, 25 March 2026 at 15:37
To: Nigel Hopper <[email protected]>
Cc: Jody Bruchon <[email protected]>, [email protected] <[email protected]>
Subject: [EXTERNAL] Re: Busybox identification

On Wed, 25 Mar 2026 at 16:19, Nigel Hopper via busybox <[email protected]> wrote:
>
> Hi
>
> Thank you. I guess I should have been clearer. My apologies. We save Docker
> images to disk and then unpack them and explore them as a file system to
> identify what is in them. From a layer perspective this works as we have to
> identify anything in each of the layers, even if the intent was to delete
> them.
>
> This will rule out running any commands in the Docker image and just relying
> on what can be found in the file system and its structure.

Then you are searching for an executable, not just a path that can be a link. Also libraries are somehow a kind of executables, also scripts in various languages. Usually the command "file" coupled with a good signature database is able to identify the nature of the file. Note that scripts are text, when they haven't the execution bit enabled nor shebang.

However, I do not think that busybox is the correct place for this debate about what is an OS or an executable in strict or generic terms. IMHO, obviously.

Best regards,
--
Roberto A. Foglietta
+49.176.274.75.661
+39.349.33.30.697
_______________________________________________
busybox mailing list
[email protected]
https://lists.busybox.net/mailman/listinfo/busybox
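The file-system-only identification discussed in this thread, as an added example that is not part of the original messages or of the BusyBox project: it walks an unpacked image tree, treats a regular ELF file as BusyBox only if it carries the version banner, and then ties symlinks back to that binary without resolving them against the host. The function names, the sample tree and the reliance on a clear-text "BusyBox v" banner are assumptions made for this illustration.

```python
import os
import re
import tempfile

ELF_MAGIC = b"\x7fELF"
# Assumption: the "BusyBox v<version>" banner is in clear text (not a packed build).
BANNER = re.compile(rb"BusyBox v(\d+(?:\.\d+)+)")

def resolve(root, path, depth=8):
    """Follow a symlink chain inside the unpacked tree, never the host's /."""
    for _ in range(depth):
        if os.path.commonpath([root, path]) != root:
            return None  # target escapes the unpacked tree
        if not os.path.islink(path):
            return path
        target = os.readlink(path)
        base = root if os.path.isabs(target) else os.path.dirname(path)
        path = os.path.normpath(os.path.join(base, target.lstrip("/")))
    return None  # chain too long, or a loop

def find_busybox(root):
    """Map each BusyBox binary under root to its version and applet links."""
    root = os.path.abspath(root)
    found, links = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for path in (os.path.join(dirpath, name) for name in files):
            if os.path.islink(path):
                links.append(path)  # a path, not an executable: resolve later
            elif os.path.isfile(path):  # skips FIFOs and device nodes
                with open(path, "rb") as fh:
                    data = fh.read() if fh.read(4) == ELF_MAGIC else b""
                if hit := BANNER.search(data):
                    found[path] = {"version": hit.group(1).decode(), "applets": []}
    for link in sorted(links):
        if (target := resolve(root, link)) in found:
            found[target]["applets"].append(os.path.relpath(link, root))
    return {os.path.relpath(p, root): info for p, info in found.items()}

def build_sample_tree(root):  # constructed sample: a tiny fake rootfs, not a real image
    os.makedirs(os.path.join(root, "bin"))
    for name, text in (("busybox", b"BusyBox v1.36.1 (constructed)"), ("tool", b"other")):
        with open(os.path.join(root, "bin", name), "wb") as fh:
            fh.write(ELF_MAGIC + b"\0" * 60 + text)
    os.symlink("/bin/busybox", os.path.join(root, "bin", "sh"))
    os.symlink("busybox", os.path.join(root, "bin", "wget"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_busybox(tmp))
```

Symlinked parent directories (a layout where `bin` is itself a link) are not rewritten here; each path component would need the same in-tree resolution before the result can be relied on.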
