Detecting fake library versions
m.seaman at infracaninophile.co.uk
Thu Jun 17 07:34:58 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
On 17/06/2010 01:59:04, Warren Block wrote:
> On Wed, 16 Jun 2010, Warren Block wrote:
>> "ln -s libintl.so.9 libintl.so.8" has been misused a lot lately.
>> Are there any programs that will detect these links and remind the
>> user that they have a new library masquerading as an old one?
> A quick hack in Ruby to address this:
> It's not particularly fast or elegant. On the other hand, it's short
> and does detect the link above.
Trying much too hard there. This command is all you need:
find /usr/lib /lib -name '*.so.*' -type l
Any file named libfoo.so.N in the base system should be a regular file:
any symbolic links indicate shlib abuse.
This is not generally true for shlibs installed from ports, mostly due
to the prevalence of linuxisms like ABI version numbers that aren't
simple integers. Even so, applying a little intelligent scrutiny to the
list of results will help you sort out any spurious linkage.
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matthew at infracaninophile.co.uk Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the freebsd-questions