Detecting fake library versions

Matthew Seaman m.seaman at
Thu Jun 17 07:39:42 UTC 2010

On 17/06/2010 08:34:52, Matthew Seaman wrote:
> On 17/06/2010 01:59:04, Warren Block wrote:
>> On Wed, 16 Jun 2010, Warren Block wrote:
>>> "ln -s" has been misused a lot lately.
>>> Are there any programs that will detect these links and remind the
>>> user that they have a new library masquerading as an old one?
>> A quick hack in Ruby to address this:
>> It's not particularly fast or elegant.  On the other hand, it's short
>> and does detect the link above.
> Trying much too hard there.  This command is all you need:
>    find /usr/lib /lib -name '*.so.*' -type l
> Any file named in the base system should be a regular file:
> any symbolic links indicate shlib abuse.
> This is not generally true for shlibs installed from ports, mostly due
> to the prevalence of linuxisms like ABI version numbers that aren't
> simple integers.  Even so, applying a little intelligent scrutiny to the
> list of results will help you sort out any spurious linkage.

"But what about hard links?" I hear you ask.  Simple:

  find /usr/lib /lib -name '*.so.*' -links +1



-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP:     Ramsgate
JID: matthew at               Kent, CT11 9PW
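
The two checks from this message combined into one script, as an added example that is not part of the original post. The function names and the `--demo` tree are constructed for illustration; the hard-link check treats any link count above 1 as suspect.

```shell
#!/bin/sh
# Added example: report versioned shared libraries that are not plain,
# singly-linked regular files. Pass the directories to scan as arguments,
# e.g. /usr/lib /lib as in the thread.

scan_shlibs() {
    # Symbolic links named like versioned shlibs (libfoo.so.N).
    find "$@" -name '*.so.*' -type l 2>/dev/null | while IFS= read -r f; do
        printf 'SYMLINK  %s -> %s\n' "$f" "$(readlink "$f")"
    done
    # Regular files that have more than one name (link count > 1).
    find "$@" -name '*.so.*' -type f -links +1 2>/dev/null | while IFS= read -r f; do
        printf 'HARDLINK %s (links=%s)\n' "$f" "$(ls -ld "$f" | awk '{print $2}')"
    done
}

# Constructed demo tree, so the check can be tried without touching /usr/lib.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/libgood.so.1"                     # plain regular file: not reported
    : > "$d/libnew.so.9"
    ln -s libnew.so.9 "$d/libnew.so.8"        # new library masquerading as the old one
    : > "$d/libother.so.3"
    ln "$d/libother.so.3" "$d/libother.so.2"  # same trick done with a hard link
    printf '%s\n' "$d"
}

if [ "${1:-}" = "--demo" ]; then
    tree=$(make_demo_tree) && scan_shlibs "$tree"
    rm -rf "$tree"
elif [ $# -gt 0 ]; then
    scan_shlibs "$@"
fi
```

Both names of a hard-linked library are listed, since neither one is distinguishable as the original; results from ports directories still need the manual scrutiny described above.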


More information about the freebsd-questions mailing list