Detecting fake library versions
m.seaman at infracaninophile.co.uk
Thu Jun 17 07:39:42 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
On 17/06/2010 08:34:52, Matthew Seaman wrote:
> On 17/06/2010 01:59:04, Warren Block wrote:
>> On Wed, 16 Jun 2010, Warren Block wrote:
>>> "ln -s libintl.so.9 libintl.so.8" has been misused a lot lately.
>>> Are there any programs that will detect these links and remind the
>>> user that they have a new library masquerading as an old one?
>> A quick hack in Ruby to address this:
>> It's not particularly fast or elegant. On the other hand, it's short
>> and does detect the link above.
> Trying much too hard there. This command is all you need:
> find /usr/lib /lib -name '*.so.*' -type l
> Any file named libfoo.so.N in the base system should be a regular file:
> any symbolic links indicate shlib abuse.
> This is not generally true for shlibs installed from ports, mostly due
> to the prevalence of linuxisms like ABI version numbers that aren't
> simple integers. Even so, applying a little intelligent scrutiny to the
> list of results will help you sort out any spurious linkage.
"But what about hard links?" I hear you ask. Simple:
find /usr/lib /lib -name '*.so.*' -links +2
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matthew at infracaninophile.co.uk Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the freebsd-questions