Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 17 Jun 2010 08:39:37 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Warren Block <wblock@wonkity.com>
Cc:        questions@freebsd.org
Subject:   Re: Detecting fake library versions
Message-ID:  <4C19D139.7050003@infracaninophile.co.uk>
In-Reply-To: <4C19D01C.6050303@infracaninophile.co.uk>
References:  <alpine.BSF.2.00.1006161240460.69965@wonkity.com>	<alpine.BSF.2.00.1006161852460.70963@wonkity.com> <4C19D01C.6050303@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 17/06/2010 08:34:52, Matthew Seaman wrote:
> On 17/06/2010 01:59:04, Warren Block wrote:
>> On Wed, 16 Jun 2010, Warren Block wrote:
> 
>>> "ln -s libintl.so.9 libintl.so.8" has been misused a lot lately.
>>>
>>> Are there any programs that will detect these links and remind the
>>> user that they have a new library masquerading as an old one?
> 
>> A quick hack in Ruby to address this:
> 
>> http://www.wonkity.com/~wblock/fakelib/fakelib.rb
> 
>> It's not particularly fast or elegant.  On the other hand, it's short
>> and does detect the link above.
> 
> Trying much too hard there.  This command is all you need:
> 
>    find /usr/lib /lib -name '*.so.*' -type l
> 
> Any file named libfoo.so.N in the base system should be a regular file:
> any symbolic links indicate shlib abuse.
> 
> This is not generally true for shlibs installed from ports, mostly due
> to the prevalence of linuxisms like ABI version numbers that aren't
> simple integers.  Even so, applying a little intelligent scrutiny to the
> list of results will help you sort out any spurious linkage.

"But what about hard links?" I hear you ask.  Simple:

  find /usr/lib /lib -name '*.so.*' -links +2

	Cheers,

	Matthew

- -- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwZ0TkACgkQ8Mjk52CukIzpZwCgkwa7oyhwq6To0s08eAYT+flO
PnIAn3XG7Fs+TOLPP00k8z/kfP0ZhOKd
=3I0Z
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4C19D139.7050003>