From owner-freebsd-questions@FreeBSD.ORG  Thu Jun 17 15:04:21 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AB47D1065670
	for <questions@freebsd.org>; Thu, 17 Jun 2010 15:04:21 +0000 (UTC)
	(envelope-from wblock@wonkity.com)
Received: from wonkity.com (wonkity.com [67.158.26.137])
	by mx1.freebsd.org (Postfix) with ESMTP id 662B08FC12
	for <questions@freebsd.org>; Thu, 17 Jun 2010 15:04:21 +0000 (UTC)
Received: from wonkity.com (localhost [127.0.0.1])
	by wonkity.com (8.14.3/8.14.3) with ESMTP id o5HF4KiY074286;
	Thu, 17 Jun 2010 09:04:20 -0600 (MDT)
	(envelope-from wblock@wonkity.com)
Received: from localhost (wblock@localhost)
	by wonkity.com (8.14.3/8.14.3/Submit) with ESMTP id o5HF4KYA074283;
	Thu, 17 Jun 2010 09:04:20 -0600 (MDT)
	(envelope-from wblock@wonkity.com)
Date: Thu, 17 Jun 2010 09:04:20 -0600 (MDT)
From: Warren Block <wblock@wonkity.com>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
In-Reply-To: <4C19D01C.6050303@infracaninophile.co.uk>
Message-ID: <alpine.BSF.2.00.1006170640070.73790@wonkity.com>
References: <alpine.BSF.2.00.1006161240460.69965@wonkity.com>
	<alpine.BSF.2.00.1006161852460.70963@wonkity.com>
	<4C19D01C.6050303@infracaninophile.co.uk>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.5
	(wonkity.com [127.0.0.1]); Thu, 17 Jun 2010 09:04:20 -0600 (MDT)
Cc: questions@freebsd.org
Subject: Re: Detecting fake library versions
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jun 2010 15:04:21 -0000

On Thu, 17 Jun 2010, Matthew Seaman wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 17/06/2010 01:59:04, Warren Block wrote:
>> On Wed, 16 Jun 2010, Warren Block wrote:
>>
>>> "ln -s libintl.so.9 libintl.so.8" has been misused a lot lately.
>>>
>>> Are there any programs that will detect these links and remind the
>>> user that they have a new library masquerading as an old one?
>>
>> A quick hack in Ruby to address this:
>>
>> http://www.wonkity.com/~wblock/fakelib/fakelib.rb
>>
>> It's not particularly fast or elegant.  On the other hand, it's short
>> and does detect the link above.
>
> Trying much too hard there.  This command is all you need:
>
>   find /usr/lib /lib -name '*.so.*' -type l
>
> Any file named libfoo.so.N in the base system should be a regular file:
> any symbolic links indicate shlib abuse.
>
> This is not generally true for shlibs installed from ports, mostly due
> to the prevalence of linuxisms like ABI version numbers that aren't
> simple integers.  Even so, applying a little intelligent scrutiny to the
> list of results will help you sort out any spurious linkage.

Could you expand on this part?

find reports 83 links in /usr/local/lib.  But only the fake libintl.so.8 
is linked to a port-created library but not recorded as part of the 
gettext package.

-Warren Block * Rapid City, South Dakota USA