what actually uses xdr_mem.c?

Jacques A. Vidrine nectar at FreeBSD.org
Wed Mar 26 14:10:26 PST 2003


On Wed, Mar 26, 2003 at 06:10:41AM -0600, D J Hawkey Jr wrote:
> Actually, I _would_ check the binaries. Scanning /usr/src doesn't cover
> anything installed via the ports collection (/usr/ports), from other
> sources, or "home-grown" software.
> 
> A week or so ago, I posted a command that scans the binaries:
> 
>     find $DIR -type f \
>         |xargs readelf -a 2>/dev/null \
>         |awk '/^File:/ { name = $2; printed = 0; } \
>           /XDR|xdr/ { if (!printed) { print name; printed = 1; } }' \
>         |xargs ldd 2>/dev/null
> 
> If it reports a pathed file without listing any shared libraries, then
> it is statically-linked.
> 
> I can't say this is the definitive answer, but it worked in a controlled
> environment (i.e., known binaries), as well as a live system. You can
> break down its components to see what each pipe does.

This approach won't work for static binaries (which is what the poster
was inquiring about).

It also will fail you in this case.  Since (most) affected binaries do
not call xdrmem_* directly, those names will not appear in the
binaries' symbol tables.  (Although related names might, which may or
may not be enough for you to go on.)

Cheers,
-- 
Jacques A. Vidrine <nectar at celabo.org>          http://www.celabo.org/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine at verio.net     .  nectar at FreeBSD.org  .          nectar at kth.se
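
An added example (not code from either poster or from FreeBSD): rather than inferring static linkage from empty `ldd` output, read each file's ELF program headers and treat an executable with no `PT_INTERP` entry as static. It only sorts binaries into static and dynamic for later review; as the reply notes, symbol names cannot show whether xdr_mem.c code is linked in. `classify_elf`, `static_files` and `make_elf32` are names made up for this example, and the sample ELF images are constructed.

```python
import os
import struct
import sys

PT_INTERP = 3   # program header that names the runtime linker
ET_EXEC = 2     # e_type of a fixed-address executable

def classify_elf(data: bytes) -> str:
    """Return 'static', 'dynamic', 'other' or 'not-elf' for a file image."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return "not-elf"
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return "not-elf"
    end = "<" if ei_data == 1 else ">"
    try:
        e_type, = struct.unpack_from(end + "H", data, 16)
        if ei_class == 1:   # ELF32: e_phoff@28, e_phentsize@42, e_phnum@44
            e_phoff, = struct.unpack_from(end + "I", data, 28)
            e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
        else:               # ELF64: e_phoff@32, e_phentsize@54, e_phnum@56
            e_phoff, = struct.unpack_from(end + "Q", data, 32)
            e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
        # p_type is the first 32-bit word of every program header entry
        p_types = [struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)[0]
                   for i in range(e_phnum)]
    except struct.error:
        return "not-elf"    # truncated or corrupt headers
    if PT_INTERP in p_types:
        return "dynamic"
    # Shared objects, relocatables and static-PIE images land in 'other'.
    return "static" if e_type == ET_EXEC else "other"

def static_files(root: str):
    """Yield paths under root whose ELF headers say 'static'."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    if classify_elf(fh.read(1 << 16)) == "static":
                        yield path
            except OSError:
                continue    # unreadable file, skip it

def make_elf32(e_type, p_types):
    """Constructed sample: minimal little-endian ELF32 header plus phdrs."""
    hdr = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", e_type, 3, 1, 0, 52, 0, 0, 52, 32, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(28) for t in p_types)

if __name__ == "__main__":
    for found in static_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(found)
```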

