Detecting fake library versions
Warren Block
wblock at wonkity.com
Thu Jun 17 15:04:21 UTC 2010
On Thu, 17 Jun 2010, Matthew Seaman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 17/06/2010 01:59:04, Warren Block wrote:
>> On Wed, 16 Jun 2010, Warren Block wrote:
>>
>>> "ln -s libintl.so.9 libintl.so.8" has been misused a lot lately.
>>>
>>> Are there any programs that will detect these links and remind the
>>> user that they have a new library masquerading as an old one?
>>
>> A quick hack in Ruby to address this:
>>
>> http://www.wonkity.com/~wblock/fakelib/fakelib.rb
>>
>> It's not particularly fast or elegant. On the other hand, it's short
>> and does detect the link above.
>
> Trying much too hard there. This command is all you need:
>
> find /usr/lib /lib -name '*.so.*' -type l
>
> Any file named libfoo.so.N in the base system should be a regular file:
> any symbolic links indicate shlib abuse.
>
> This is not generally true for shlibs installed from ports, mostly due
> to the prevalence of linuxisms like ABI version numbers that aren't
> simple integers. Even so, applying a little intelligent scrutiny to the
> list of results will help you sort out any spurious linkage.
Could you expand on this part?
find reports 83 links in /usr/local/lib. But only the fake libintl.so.8
is linked to a port-created library but not recorded as part of the
gettext package.
-Warren Block * Rapid City, South Dakota USA
More information about the freebsd-questions
mailing list