Date: Thu, 17 Jun 2010 09:04:20 -0600 (MDT) From: Warren Block <wblock@wonkity.com> To: Matthew Seaman <m.seaman@infracaninophile.co.uk> Cc: questions@freebsd.org Subject: Re: Detecting fake library versions Message-ID: <alpine.BSF.2.00.1006170640070.73790@wonkity.com> In-Reply-To: <4C19D01C.6050303@infracaninophile.co.uk> References: <alpine.BSF.2.00.1006161240460.69965@wonkity.com> <alpine.BSF.2.00.1006161852460.70963@wonkity.com> <4C19D01C.6050303@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 17 Jun 2010, Matthew Seaman wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 17/06/2010 01:59:04, Warren Block wrote: >> On Wed, 16 Jun 2010, Warren Block wrote: >> >>> "ln -s libintl.so.9 libintl.so.8" has been misused a lot lately. >>> >>> Are there any programs that will detect these links and remind the >>> user that they have a new library masquerading as an old one? >> >> A quick hack in Ruby to address this: >> >> http://www.wonkity.com/~wblock/fakelib/fakelib.rb >> >> It's not particularly fast or elegant. On the other hand, it's short >> and does detect the link above. > > Trying much too hard there. This command is all you need: > > find /usr/lib /lib -name '*.so.*' -type l > > Any file named libfoo.so.N in the base system should be a regular file: > any symbolic links indicate shlib abuse. > > This is not generally true for shlibs installed from ports, mostly due > to the prevalence of linuxisms like ABI version numbers that aren't > simple integers. Even so, applying a little intelligent scrutiny to the > list of results will help you sort out any spurious linkage. Could you expand on this part? find reports 83 links in /usr/local/lib. But only the fake libintl.so.8 is linked to a port-created library but not recorded as part of the gettext package. -Warren Block * Rapid City, South Dakota USA
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1006170640070.73790>