View Issue Details

ID: 0000527
Project: file
Category: General
View Status: public
Last Update: 2024-05-19 21:53
Reporter: eschwartz
Assigned To: christos
Priority: normal
Severity: minor
Reproducibility: always
Status: assigned
Resolution: open
Product Version: 5.45
Summary: 0000527: seccomp sandbox when forking is blocked, results in bad mimetype report
Description

```
$ file -z /var/cache/distfiles/file-5.45.tar.gz
/var/cache/distfiles/file-5.45.tar.gz: ERROR:[zlib: Fork is required to uncompress, but disabled] (gzip compressed data, last modified: Thu Jul 27 19:48:44 2023, max compression, from Unix)
```

Ok?

```
$ file -bizL /var/cache/distfiles/file-5.45.tar.gz
application/x-decompression-error-zlib-Fork-is-required-to-uncompress--but-disabled compressed-encoding=application/gzip; charset=binary
```

Wait, what is

application/x-decompression-error-zlib-Fork-is-required-to-uncompress--but-disabled

This is no mimetype I have ever heard of...
Additional Information

On Gentoo Linux, with:

```
$ emerge -pv sys-apps/file
[binary R ] sys-apps/file-5.45-r4-4::gentoo USE="bzip2 seccomp zlib -lzip -lzma -python -static-libs -verify-sig -zstd" ABI_X86="(64) -32 (-x32)" PYTHON_TARGETS="python3_11 -python3_10 -python3_12%" 820 KiB
```

So, zlib support is there. And indeed:
```
$ readelf -d /usr/lib64/libmagic.so.1.0.0

 0x0000000000000001 (NEEDED) Shared library: [libbz2.so.1]
 0x0000000000000001 (NEEDED) Shared library: [libz.so.1]
 0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
 0x000000000000000e (SONAME) Library soname: [libmagic.so.1]
```

It is unclear to me why it needs to fork anyway, but regardless it seems odd to insert the error message as the mimetype. I sort of understand the human-readable error interjected into the human-readable output, though.
Tags: No tags attached.

Activities

christos

2024-05-18 15:07

manager   ~0004048

I think it is better to print an error message in the mime string as opposed to printing the original mime.

eschwartz

2024-05-19 21:53

reporter   ~0004050

A mimetype is intended to be machine-readable so I don't really see the use case for printing an error message inside of it. IMO just fail, or add a machine-readable error section...

It seems that .gz files produce inline errors, but zip files or xz files simply abort with "bad system call", which is quite inconsistent and also generally indicates that dying is a meaningful result.
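A consumer-side guard for the behaviour discussed in this thread, as an added example that is not part of the original report or of file's own code: it treats the `application/x-decompression-error-` pseudo-type and a death by SIGSYS as errors instead of passing them on as a MIME type. The helper name `classify`, the result keys and the second sample line are assumptions made for illustration.

```python
import re
import signal

# Prefix of the pseudo-type shown in the report above.
ERROR_PREFIX = "application/x-decompression-error-"
# RFC 6838 restricted-name, used for both type and subtype.
_NAME = r"[A-Za-z0-9][A-Za-z0-9!#$&^_.+-]{0,126}"
MIME_RE = re.compile(rf"^{_NAME}/{_NAME}$")
PARAM_RE = re.compile(r"([A-Za-z-]+)=([^;\s]+)")

# Output line copied from the report.
PAGE_SAMPLE = ("application/x-decompression-error-zlib-Fork-is-required-to-"
               "uncompress--but-disabled compressed-encoding=application/gzip; "
               "charset=binary\n")
# Constructed sample of ordinary `file -bi` output for a gzip file.
PLAIN_SAMPLE = "application/gzip; charset=binary\n"


def classify(returncode, stdout):
    """Turn the exit status and one line of `file -bi[z]` output into a dict.

    Hypothetical helper: 'mime' is set only for a usable type, 'error' otherwise.
    """
    result = {"mime": None, "error": None,
              "compressed_encoding": None, "charset": None}
    # subprocess reports death by signal N as returncode -N; SIGSYS is what
    # the shell prints as "bad system call" when seccomp kills the process.
    if returncode == -signal.SIGSYS:
        result["error"] = "killed by SIGSYS (seccomp)"
        return result
    head, _, rest = stdout.strip().partition(" ")
    mime = head.rstrip(";")
    params = {}
    for key, value in PARAM_RE.findall(rest):
        params.setdefault(key, value)  # keep the first occurrence of a key
    result["compressed_encoding"] = params.get("compressed-encoding")
    result["charset"] = params.get("charset")
    # The prefix test must come first: the pseudo-type is syntactically a
    # valid RFC 6838 name, so a grammar check alone would accept it.
    if mime.startswith(ERROR_PREFIX):
        result["error"] = mime[len(ERROR_PREFIX):]
    elif returncode != 0 or not MIME_RE.match(mime):
        result["error"] = "no usable MIME type"
    else:
        result["mime"] = mime
    return result
```

A caller would pass `proc.returncode` and `proc.stdout` from `subprocess.run(["file", "-biz", path], capture_output=True, text=True)` and act only on results whose `error` is `None`.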

Issue History

Date Modified Username Field Change
2024-05-15 19:21 eschwartz New Issue
2024-05-18 15:06 christos Assigned To => christos
2024-05-18 15:06 christos Status new => assigned
2024-05-18 15:07 christos Status assigned => feedback
2024-05-18 15:07 christos Note Added: 0004048
2024-05-19 21:53 eschwartz Note Added: 0004050
2024-05-19 21:53 eschwartz Status feedback => assigned