Date: Wed, 26 Mar 2003 14:00:56 +0100 From: Simon Barner <barner@in.tum.de> To: D J Hawkey Jr <hawkeyd@visi.com> Cc: security at FreeBSD <freebsd-security@freebsd.org> Subject: Re: what actually uses xdr_mem.c? Message-ID: <20030326130056.GD657@zi025.glhnet.mhn.de> In-Reply-To: <20030326061041.A17052@sheol.localdomain> References: <Pine.LNX.4.43.0303252144400.21019-100000@pilchuck.reedmedia.net> <20030326102057.GC657@zi025.glhnet.mhn.de> <20030326061041.A17052@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
--ylS2wUBXLOxYXZFQ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline > Actually, I _would_ check the binaries. Scanning /usr/src doesn't cover > anything installed via the ports collection (/usr/ports), from other > sources, or "home-grown" software. I didn't think of non-base-system software, you are right. From that point of view, you are certainly right. As far as I understood your script, it scans the output of "readelf -a", and prints that file name if and only if this output contains "XDR" or "xdr". Will this work if the binary is stripped (sorry in case I just overlooked something stupid :-) Regards, Simon --ylS2wUBXLOxYXZFQ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+gaSICkn+/eutqCoRAp+WAJ4k3xFkk7mv6fl+RuK10BUZ9Ps9mACgqatu L+wA59UtnSzyY218KBhal2Y= =V2zG -----END PGP SIGNATURE----- --ylS2wUBXLOxYXZFQ--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030326130056.GD657>