On Wed, 25 Mar 2026 at 16:43, Nigel Hopper <[email protected]> wrote:
>
> Hi Roberto
>
> Thank you and your last comment made me chuckle.
>
> Working with unknown executables is part and parcel of what we do. If we can
> automatically identify them, which we often can, that is the real time saver.
>
> My guess is that we will have to take our list of ‘unknowns’ and compare it
> to the list of Busybox packages and see what we can tie together.
>
> More painful than the os-release way, but I understand what Busybox is about.
> I was just keeping my fingers crossed!
I like the people who do jokes like your message or your signature of
the message either one or the other. Anyway, "file" is a command:
FILE(1) BSD General Commands
Manual FILE(1)
NAME
file — determine file type
SYNOPSIS
file [-bcdEhiklLNnprsSvzZ0] [--apple] [--exclude-quiet]
[--extension] [--mime-encoding] [--mime-type] [-e testname]
[-F separator] [-f namefile] [-m magicfiles] [-P name=value] file ...
file -C [-m magicfiles]
file [--help]
DESCRIPTION
This manual page documents version 5.41 of the file command.
>
>
> Kind regards,
>
>
>
>
>
> Nigel Hopper
> Security Consultant: Cybersecurity Assessment & Response Services
> Open Source Software Auditor
>
> Advisory Software Engineer
> QSE Development Top Gun
>
>
>
> My working week is Tuesday to Friday.
>
>
>
>
>
> Phone: Office +44 (0) 1962815065
>
> Phone: Mobile +44 (0) 7772 808235
>
> E-mail: [email protected]
>
> Security and Legal Scanning Services
>
>
>
> IBM UK Ltd, Mail Point 168, Hursley Park,
> Winchester, Hampshire SO21 2JN
>
>
>
>
>
> "One person with a belief is equal to a force of ninety-nine who only have
> interest."
> "What distinguishes the majority of men from the few is their inability to
> act according to their beliefs."
> - John Stewart Mill 1806 –1873
>
>
>
>
>
> IBM United Kingdom Limited
>
> Registered in England and Wales with number 741598
>
> Registered office: Building C, IBM Hursley Office, Hursley Park Road,
> Winchester, Hampshire SO21 2JN
>
>
> From: Roberto A. Foglietta <[email protected]>
> Date: Wednesday, 25 March 2026 at 15:37
> To: Nigel Hopper <[email protected]>
> Cc: Jody Bruchon <[email protected]>, [email protected]
> <[email protected]>
> Subject: [EXTERNAL] Re: Busybox identification
>
> On Wed, 25 Mar 2026 at 16:19, Nigel Hopper via busybox
> <[email protected]> wrote:
> >
> > Hi
> >
> > Thank you. I guess I should have been clearer. My apologies. We save Docker
> > images to disk and then unpack them and explore them as a file system to
> > identify what is in them. From a layer perspective this works as we have to
> > identify anything in each of the layers, even if the intent was to delete
> > them.
> >
> > This will rule out running any commands in the Docker image and just
> > relying on what can be found in the file system and its structure.
>
> Then you are searching for an executable, not just a path that can be
> a link. Also libraries are somehow a kind of executables, also scripts
> in various languages. Usually the command "file" coupled with a good
> signature databases is able to identify the nature of the file. Note
> that scripts are text, when they haven't the execution bit enabled nor
> shebang.
>
> However, I do not think that busybox is the correct place for this
> debate about what is an OS or an executable in strict or generic
> terms. IMHO, obviously.
>
> Best regards,
> --
> Roberto A. Foglietta
> +49.176.274.75.661
> +39.349.33.30.697
> Unless otherwise stated above:
>
> IBM United Kingdom Limited
> Registered in England and Wales with number 741598
> Registered office: Building C, IBM Hursley Office, Hursley Park Road,
> Winchester, Hampshire SO21 2JN
Best regards,
--
Roberto A. Foglietta
+49.176.274.75.661
+39.349.33.30.697
_______________________________________________
busybox mailing list
[email protected]
https://lists.busybox.net/mailman/listinfo/busybox
