From: "Andrew Pantyukhin"
Date: Fri, 6 Oct 2006 09:35:31 +0400
To: secteam@freebsd.org, hackers@FreeBSD.org
Subject: Tracing binaries statically linked against vulnerable libs
List-Id: Technical Discussions relating to FreeBSD

I wonder if there is a way to deal with statically linked binaries, which use vulnerable libraries.

There's this advisory:
http://www.vuxml.org/freebsd/964161cd-6715-11da-99f6-00123ffe8333.html

But mplayer and libxine are linked statically against ffmpeg, as are reportedly many other apps like gstreamer. Of course I can install every port that requires ffmpeg directly, look for "lavc" strings and compare it to ldd output, but it sounds like a nightmare.

Thanks!
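
The manual check described in the message (look for "lavc" strings, then compare against ldd output), as an added example that is not part of the original post. The function names, the case-insensitive match on "lavc" and the `libavcodec.so` shared-object name are assumptions, and a "static-suspect" result is a heuristic hint to review, not proof.

```python
import re
import subprocess
import sys

# Marker named in the post; matching it case-insensitively is an assumption.
MARKER = re.compile(rb"lavc", re.IGNORECASE)
# Assumed shared-object name of ffmpeg's codec library as it appears in ldd output.
SONAME = re.compile(r"\blibavcodec\.so")
# Same idea as strings(1): runs of at least 4 printable ASCII bytes.
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")


def marker_strings(data: bytes) -> list[str]:
    """Return the printable strings in a binary image that contain the marker."""
    return [m.group().decode("ascii")
            for m in PRINTABLE.finditer(data) if MARKER.search(m.group())]


def classify(data: bytes, ldd_output: str) -> str:
    """Compare embedded marker strings with the dependencies ldd reports."""
    if SONAME.search(ldd_output):
        return "dynamic"         # covered by an advisory on the shared library
    if marker_strings(data):
        return "static-suspect"  # library strings present, no shared object loaded
    return "clean"


def scan(path: str) -> str:
    """Classify one file on disk. ldd prints nothing useful for fully static
    or non-ELF files, so its exit status is deliberately ignored."""
    with open(path, "rb") as fh:
        data = fh.read()
    ldd = subprocess.run(["ldd", path], capture_output=True, text=True, check=False)
    return classify(data, ldd.stdout)


if __name__ == "__main__":
    # Usage: python3 this_script.py /usr/local/bin/*
    for p in sys.argv[1:]:
        print(f"{scan(p)}\t{p}")
```

Running it over the installed binaries of already-installed ports avoids building every dependent port just to inspect it.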