From owner-freebsd-security@FreeBSD.ORG Wed Mar 26 05:16:42 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F1D9837B404 for ; Wed, 26 Mar 2003 05:16:41 -0800 (PST) Received: from bodb.mc.mpls.visi.com (bodb.mc.mpls.visi.com [208.42.156.104]) by mx1.FreeBSD.org (Postfix) with ESMTP id 30A7D43F3F for ; Wed, 26 Mar 2003 05:16:39 -0800 (PST) (envelope-from hawkeyd@visi.com) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bodb.mc.mpls.visi.com (Postfix) with ESMTP id 729CD4D5B; Wed, 26 Mar 2003 07:16:38 -0600 (CST) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id h2QDGbB17481; Wed, 26 Mar 2003 07:16:37 -0600 (CST) (envelope-from hawkeyd) Date: Wed, 26 Mar 2003 07:16:37 -0600 From: D J Hawkey Jr To: Simon Barner Message-ID: <20030326071637.A17385@sheol.localdomain> References: <20030326102057.GC657@zi025.glhnet.mhn.de> <20030326061041.A17052@sheol.localdomain> <20030326130056.GD657@zi025.glhnet.mhn.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20030326130056.GD657@zi025.glhnet.mhn.de>; from barner@in.tum.de on Wed, Mar 26, 2003 at 02:00:56PM +0100 X-Spam-Status: No, hits=-30.2 required=5.0 tests=AWL,EMAIL_ATTRIBUTION,IN_REP_TO,RCVD_IN_UNCONFIRMED_DSBL, REFERENCES,REPLY_WITH_QUOTES,USER_AGENT_MUTT autolearn=ham version=2.50 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) cc: "Jeremy C. Reed" cc: security at FreeBSD Subject: Re: what actually uses xdr_mem.c? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: hawkeyd@visi.com List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Mar 2003 13:16:43 -0000 On Mar 26, at 02:00 PM, Simon Barner wrote: > > As far as I understood your script, it scans the output of "readelf -a", and > prints that file name if and only if this output contains "XDR" or "xdr". Will > this work if the binary is stripped (sorry in case I just overlooked something > stupid :-) Yes, it does. AFAIK, all base (and port?) software is [by default] stripped on installation, and the environment I tested that command with had stripped binaries. That isn't "stupid"; it took me a little while to work up that command (I didn't even know about readelf(1) until someone mentioned it to me). I'm no ELF expert - I'm no anything expert - but it appears that the ELF format itself contains these "labels". > Regards, > Simon Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/