Detecting fake library versions
Matthew Seaman
m.seaman at infracaninophile.co.uk
Thu Jun 17 07:39:42 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 17/06/2010 08:34:52, Matthew Seaman wrote:
> On 17/06/2010 01:59:04, Warren Block wrote:
>> On Wed, 16 Jun 2010, Warren Block wrote:
>
>>> "ln -s libintl.so.9 libintl.so.8" has been misused a lot lately.
>>>
>>> Are there any programs that will detect these links and remind the
>>> user that they have a new library masquerading as an old one?
>
>> A quick hack in Ruby to address this:
>
>> http://www.wonkity.com/~wblock/fakelib/fakelib.rb
>
>> It's not particularly fast or elegant. On the other hand, it's short
>> and does detect the link above.
>
> Trying much too hard there. This command is all you need:
>
> find /usr/lib /lib -name '*.so.*' -type l
>
> Any file named libfoo.so.N in the base system should be a regular file:
> any symbolic links indicate shlib abuse.
>
> This is not generally true for shlibs installed from ports, mostly due
> to the prevalence of linuxisms like ABI version numbers that aren't
> simple integers. Even so, applying a little intelligent scrutiny to the
> list of results will help you sort out any spurious linkage.
"But what about hard links?" I hear you ask. Simple:
find /usr/lib /lib -name '*.so.*' -links +2
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matthew at infracaninophile.co.uk Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkwZ0TkACgkQ8Mjk52CukIzpZwCgkwa7oyhwq6To0s08eAYT+flO
PnIAn3XG7Fs+TOLPP00k8z/kfP0ZhOKd
=3I0Z
-----END PGP SIGNATURE-----
More information about the freebsd-questions
mailing list