On Tue, Nov 17, 2015 at 4:25 PM, <to...@tuxteam.de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, Nov 17, 2015 at 04:13:48PM -0500, shawn wilson wrote: >> On Tue, Nov 17, 2015 at 3:24 PM, <to...@tuxteam.de> wrote: > > [...] > >> > Now you lost me. >> > >> >> If magic were smarter (was able to derive from syntax or had regex >> capability in the format), it could've still told me I was looking at >> a script (and not just a bunch of text - which is next to useless). It >> doesn't, so arguing that magic could be used (not an argument I've >> seen, but one I was expecting and figured I'd preempt) instead of an >> extension is lacking. > > Got it. But magic *can* do many of those things. A headless shell > script is a tough nut to crack, though: "echo" could occur as well > in a Tcl script (via Tcl's crazy but genius "unknown" mechanism). >
You're right - just "script" then. I'm not dissing magic - it's a good starting point in forensics or to see what's in a bin directory, but shouldn't be relied on (also see ftimes xmagic for a more featureful magic implementation w/e sf comes back up). My point is that you can't determine what you're looking at w/o being told (an extension) or looking at it. So (my original point) you loose data by removing/not having an extension.
