[svlug] (forw) Re: [OCLUG] Pulling text out of a data file

Rick Moen rick at linuxmafia.com
Sun Jan 22 02:32:41 PST 2017


----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Sun, 22 Jan 2017 01:10:11 -0800
From: Rick Moen <rick at linuxmafia.com>
To: oclug at mailman.oclug.org
Subject: Re: [OCLUG] Pulling text out of a data file

Quoting thomas moore (thomasmoore17 at gmail.com):

> Hi all,
> 
> Suppose I have a data file or some such. If you try to less this file you
> get a bunch of garbage. However sometimes contained in the file are
> short sequences of text. If you want to read these little scraps all
> you have to do is scroll down through the file - - - provided the file
> is short, say a few kBs.

Unless you are sure where the binary file came from (and can rule out it
being crafted to attack unwary Linux admins), you should take care to
include the '-a' switch when you use GNU strings(1) for this purpose,
because of this surprising security pitfall, the libbfd library::
https://lcamtuf.blogspot.com/2014/10/psa-dont-run-strings-on-untrusted-files.htm

In fact, an argument can be made for

1. aliasing 'strings' to 'strings -a' in your login's ~/.bashrc, and
2. trying to avoid running strings(1) with root privilege.

-- 
Cheers,             "It's funny that pirates were always going around searching
Rick Moen           for treasure, and they never realized that the real 
rick at linuxmafia.com treasure was the fond memories they were creating."
McQ! (4x80)                                   -- Deep Thoughts by Jack Handey
_______________________________________________
OCLUG mailing list -- OCLUG at mailman.oclug.org
http://mailman.oclug.org/mailman/listinfo/oclug

----- End forwarded message -----



More information about the svlug mailing list