Re: Proposal: new fsfs.conf properties

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Wed, 12 Jul 2017 13:37:07 +0000

Branko Čibej wrote on Wed, 12 Jul 2017 12:09 +0200:
> I wasn't really proposing to use libmagic on the server. My point is
> that instead of using file name suffixes (which the compression and
> deltification code don't know about), we'd do some sort of inspection
> instead. Detecting ZIP files, or gzip/bzip2/xz-compressed files, etc.,
> is fairly easy just from looking at a few bytes of headers. Same goes
> for most image and video formats.

That's an option, but it would mean re-solving the problem libmagic
solves. Is there a way for us to use libmagic securely?

E.g., we could give to libmagic only the first 10 or 20 bytes of the
file (which is enough for it to recognise mpeg/jpeg/xz files, in my
testing), or we could ask libmagic to provide an API that only runs
'safe' magic file tests (e.g., strcmp/memcmp-based tests only)…

Cheers,

daniel
Received on 2017-07-12 15:37:14 CEST

This message: [ Message body ]
Next message: Johan Corveleyn: "Re: [RFC] Shelving and Checkpointing"
Previous message: Markus Schaber: "RE: Proposal: new fsfs.conf properties"
In reply to: Branko Čibej: "Re: Proposal: new fsfs.conf properties"
Next in thread: Daniel Shahaf: "Re: Proposal: new fsfs.conf properties"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]