Date: Fri, 21 Mar 2003 16:22:51 -0600 (CST) From: hawkeyd@visi.com (D J Hawkey Jr) To: kwc@TheWorld.com, freebsd-stable@freebsd.org Subject: Re: Recent rpc/libc xdr security advisory & patch Message-ID: <200303212222.h2LMMpl69466@sheol.localdomain> In-Reply-To: <200303211954.OAA6062841_shell.TheWorld.com@ns.sol.net> References: <200303211954.OAA6062841_shell.TheWorld.com@ns.sol.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <200303211954.OAA6062841_shell.TheWorld.com@ns.sol.net>,
kwc@TheWorld.com writes:
> Hello -stable:
>
> With regard to the recent rpc/libc xdr security advisory and
> patch that went into RELENG_4 (& others), what would be
> {a,some} good way(s) to find any programs that statically
> link the relevant library(ies)? Is this even possible?
Try this:
find $DIR -type f \
|xargs readelf -a 2>/dev/null \
|awk '/^File:/ { name = $2; printed = 0; } \
/XDR|xdr/ { if (!printed) { print name; printed = 1; } }' \
|xargs ldd 2>/dev/null
If it reports any pathnames without listing shared libraries, then those
are statically linked.
I did the same thing for SA-03:02.openssl, but used "/SSL|TLS/" where
"/XDR|xdr" is. Both (either?) values are from public header files.
> Thanks,
> -kc
HTH,
Dave
--
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303212222.h2LMMpl69466>