From owner-freebsd-questions@FreeBSD.ORG  Thu Jun 17 15:37:03 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C63A51065674
	for <questions@freebsd.org>; Thu, 17 Jun 2010 15:37:03 +0000 (UTC)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from smtp.infracaninophile.co.uk (gate6.infracaninophile.co.uk
	[IPv6:2001:8b0:151:1::1])
	by mx1.freebsd.org (Postfix) with ESMTP id 1FFE78FC16
	for <questions@freebsd.org>; Thu, 17 Jun 2010 15:37:02 +0000 (UTC)
Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk
	[81.187.76.163]) (authenticated bits=0)
	by smtp.infracaninophile.co.uk (8.14.4/8.14.4) with ESMTP id
	o5HFavp9044475
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
	Thu, 17 Jun 2010 16:36:58 +0100 (BST)
	(envelope-from m.seaman@infracaninophile.co.uk)
Message-ID: <4C1A4119.1080402@infracaninophile.co.uk>
Date: Thu, 17 Jun 2010 16:36:57 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Organization: Infracaninophile
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US;
	rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: Warren Block <wblock@wonkity.com>
References: <alpine.BSF.2.00.1006161240460.69965@wonkity.com>
	<alpine.BSF.2.00.1006161852460.70963@wonkity.com>
	<4C19D01C.6050303@infracaninophile.co.uk>
	<alpine.BSF.2.00.1006170640070.73790@wonkity.com>
In-Reply-To: <alpine.BSF.2.00.1006170640070.73790@wonkity.com>
X-Enigmail-Version: 1.0.1
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.96.1 at lucid-nonsense.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=1.6 required=5.0 tests=BAYES_50,DKIM_ADSP_ALL,
	SPF_FAIL autolearn=no version=3.3.1
X-Spam-Level: *
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	lucid-nonsense.infracaninophile.co.uk
Cc: questions@freebsd.org
Subject: Re: Detecting fake library versions
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jun 2010 15:37:03 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 17/06/2010 16:04:20, Warren Block wrote:
>> This is not generally true for shlibs installed from ports, mostly due
>> to the prevalence of linuxisms like ABI version numbers that aren't
>> simple integers.  Even so, applying a little intelligent scrutiny to the
>> list of results will help you sort out any spurious linkage.
> 
> Could you expand on this part?
> 
> find reports 83 links in /usr/local/lib.  But only the fake libintl.so.8
> is linked to a port-created library but not recorded as part of the
> gettext package.

Right.  In /usr/local/lib on one machine I happen to have the following:

% find /usr/local/lib -name '*.so.*' -type l -ls | cut -c 89-
/usr/local/lib/libicuio.so.38 -> libicuio.so.38.1
/usr/local/lib/libutempter.so.0 -> libutempter.so.1.1.5
/usr/local/lib/libicuuc.so.38 -> libicuuc.so.38.1
/usr/local/lib/libicule.so.38 -> libicule.so.38.1
/usr/local/lib/libXaw.so.7 -> libXaw7.so.7
/usr/local/lib/libdb-4.8.so.0 -> db48/libdb-4.8.so.0
/usr/local/lib/libdb_cxx-4.8.so.0 -> db48/libdb_cxx-4.8.so.0
/usr/local/lib/libgs.so.8 -> libgs.so.8.71
/usr/local/lib/libXau.so.0 -> /usr/local/lib/libXau.so.6
/usr/local/lib/libicutu.so.38 -> libicutu.so.38.1
/usr/local/lib/libXaw.so.6 -> libXaw6.so.6
/usr/local/lib/libiculx.so.38 -> libiculx.so.38.1
/usr/local/lib/libicui18n.so.38 -> libicui18n.so.38.1
/usr/local/lib/liblua-5.1.so.1 -> lua51/liblua-5.1.so.1
/usr/local/lib/libicudata.so.38 -> libicudata.so.38.1

You can see several different patterns here.

Primus: like libdb-4.8.so.0 or liblua-5.1.so.1 --- the shlib is
installed into a sub-dir of /usr/local/lib and linked back into the main
directory.  This is generally used when there are several different
versions of the particular library available in ports.

Secondus: like libXaw.so.6, libXaw.so.7 -- for some reason, the file is
installed with the ABI version as part of the basename of the file and
the link just provides the expected name.

Tertius: like libicuio.so.38 and pretty much all the rest.  *BSD uses
.38 as the ABI version number, whereas linux seems to prefer .38.1 --
occasionally this sort of thing is the result of developers being
unclear on the concept of an ABI version number, and just using their
main code version number.

These are all perfectly normal and as installed from ports -- a little
work with 'pkg_which' and 'pkg_info -g' will demonstrate that.

On the other hand, if I'd seen:

/usr/local/lib/libintl.so.8 -> libintl.so.9

where there is a shlib with the standard ABI version pattern as expected
under *BSD, but it's a link to another shlib with a *different* major
version number, then it's pretty clear someone has been bodging things.

Clear enough?

	Cheers,

	Matthew

- -- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwaQRkACgkQ8Mjk52CukIz9igCeP5ZObIL6KZoobcNk+1wMcvzC
9QUAnRnYAQENJiAtfMCZTtekeqPvvbrO
=BMLp
-----END PGP SIGNATURE-----