Detecting fake library versions
Matthew Seaman
m.seaman at infracaninophile.co.uk
Thu Jun 17 07:34:58 UTC 2010
On 17/06/2010 01:59:04, Warren Block wrote:
> On Wed, 16 Jun 2010, Warren Block wrote:
>
>> "ln -s libintl.so.9 libintl.so.8" has been misused a lot lately.
>>
>> Are there any programs that will detect these links and remind the
>> user that they have a new library masquerading as an old one?
>
> A quick hack in Ruby to address this:
>
> http://www.wonkity.com/~wblock/fakelib/fakelib.rb
>
> It's not particularly fast or elegant. On the other hand, it's short
> and does detect the link above.

Trying much too hard there. This command is all you need:

    find /usr/lib /lib -name '*.so.*' -type l

Any file named libfoo.so.N in the base system should be a regular file:
any symbolic links indicate shlib abuse.

This is not generally true for shlibs installed from ports, mostly due
to the prevalence of linuxisms like ABI version numbers that aren't
simple integers. Even so, applying a little intelligent scrutiny to the
list of results will help you sort out any spurious linkage.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matthew at infracaninophile.co.uk Kent, CT11 9PW
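
Added example, not part of the original message: a POSIX sh refinement of the find command above that narrows the results to links whose name and target disagree on the major version (libintl.so.8 -> libintl.so.9), skipping ordinary links such as libfoo.so.1 -> libfoo.so.1.2.3. The function names so_major and fake_shlib_links are illustrative.

```shell
#!/bin/sh
# Added example: report symlinks named libfoo.so.N whose target carries a
# different major version number. Function names are illustrative.

# so_major NAME
# Prints the first numeric component after ".so." (8 for libintl.so.8,
# 1 for libfoo.so.1.2.3); prints nothing if NAME has no numeric version.
so_major() {
    case $1 in
        *.so.[0-9]*)
            v=${1##*.so.}
            printf '%s\n' "${v%%.*}"
            ;;
    esac
}

# fake_shlib_links DIR...
# Prints "link -> target" for every symlink whose own major version differs
# from the major version of the file it points at.
fake_shlib_links() {
    find "$@" -name '*.so.*' -type l 2>/dev/null |
    while IFS= read -r link; do
        target=$(readlink "$link") || continue
        lmaj=$(so_major "${link##*/}")
        tmaj=$(so_major "${target##*/}")
        # Skip names without a numeric version on either side.
        [ -n "$lmaj" ] && [ -n "$tmaj" ] || continue
        # Same major (libfoo.so.1 -> libfoo.so.1.2.3) is ordinary linkage.
        [ "$lmaj" = "$tmaj" ] && continue
        printf '%s -> %s\n' "$link" "$target"
    done
}

# Run only when directories are given, e.g.: sh fakelinks.sh /usr/lib /lib
if [ "$#" -gt 0 ]; then
    fake_shlib_links "$@"
fi
```

An empty result from this filter does not replace reading the full find output: a link pointing at a differently named library with the same major number is not reported.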