From owner-freebsd-security Fri Mar 14 10:12:41 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1087A37B401 for ; Fri, 14 Mar 2003 10:12:38 -0800 (PST) Received: from bodb.mc.mpls.visi.com (bodb.mc.mpls.visi.com [208.42.156.104]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5FAB443F75 for ; Fri, 14 Mar 2003 10:12:37 -0800 (PST) (envelope-from hawkeyd@visi.com) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bodb.mc.mpls.visi.com (Postfix) with ESMTP id C85E44CE8 for ; Fri, 14 Mar 2003 12:12:36 -0600 (CST) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id h2EICav08369 for freebsd-security@freebsd.org; Fri, 14 Mar 2003 12:12:36 -0600 (CST) (envelope-from hawkeyd) Date: Fri, 14 Mar 2003 12:12:35 -0600 From: D J Hawkey Jr To: security at FreeBSD Subject: Re: SA-03:02.openssl for RELENG_4_6_2 vs. RELENG_4_5 Message-ID: <20030314121235.A8200@sheol.localdomain> Reply-To: hawkeyd@visi.com References: <20030313080852.A30434@sheol.localdomain> <20030313171647.GA19381@intruder.bmah.org> <20030313115400.A25510@sheol.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20030313115400.A25510@sheol.localdomain>; from hawkeyd@visi.com on Thu, Mar 13, 2003 at 11:54:00AM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mar 13, at 11:54 AM, D J Hawkey Jr wrote: > > Oh! I also need to know how one ascertains what binaries are statically > linked to libcrypto and/or libssl? Got it. Try this: find $DIR -type f \ |xargs readelf -a 2>/dev/null \ |awk '/^File:/ { name = $2; printed = 0; } \ /SSL|TLS/ { if (!printed) { print name; printed = 1; } }' \ |xargs ldd 2>/dev/null This might be too liberal, but better safe than sorry. If it returns just filenames, they're statically-linked. On my workstation, only Mozilla has components (12 libraries) that are statically-linked to SSL/TLS code, but I don't know if they use the system SSL/TLS libraries, or if they're completely self-contained. > Anyone know how to run the tests in /usr/src/crypto/openssl/apps and/or > /usr/src/crypto/openssl/test, and what to look for? :-) This I still need help with. Thanks, Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message