From owner-freebsd-questions@FreeBSD.ORG Thu Jun 17 07:34:58 2010 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8A553106567A for ; Thu, 17 Jun 2010 07:34:58 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (gate6.infracaninophile.co.uk [IPv6:2001:8b0:151:1::1]) by mx1.freebsd.org (Postfix) with ESMTP id ED01E8FC12 for ; Thu, 17 Jun 2010 07:34:57 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.187.76.163]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.4/8.14.4) with ESMTP id o5H7YrYZ001415 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Thu, 17 Jun 2010 08:34:53 +0100 (BST) (envelope-from m.seaman@infracaninophile.co.uk) Message-ID: <4C19D01C.6050303@infracaninophile.co.uk> Date: Thu, 17 Jun 2010 08:34:52 +0100 From: Matthew Seaman Organization: Infracaninophile User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4 MIME-Version: 1.0 To: Warren Block References: In-Reply-To: X-Enigmail-Version: 1.0.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Scanned: clamav-milter 0.96.1 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=1.6 required=5.0 tests=BAYES_50,DKIM_ADSP_ALL, SPF_FAIL autolearn=no version=3.3.1 X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on lucid-nonsense.infracaninophile.co.uk Cc: questions@freebsd.org Subject: Re: Detecting fake library versions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Jun 2010 07:34:58 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 17/06/2010 01:59:04, Warren Block wrote: > On Wed, 16 Jun 2010, Warren Block wrote: > >> "ln -s libintl.so.9 libintl.so.8" has been misused a lot lately. >> >> Are there any programs that will detect these links and remind the >> user that they have a new library masquerading as an old one? > > A quick hack in Ruby to address this: > > http://www.wonkity.com/~wblock/fakelib/fakelib.rb > > It's not particularly fast or elegant. On the other hand, it's short > and does detect the link above. Trying much too hard there. This command is all you need: find /usr/lib /lib -name '*.so.*' -type l Any file named libfoo.so.N in the base system should be a regular file: any symbolic links indicate shlib abuse. This is not generally true for shlibs installed from ports, mostly due to the prevalence of linuxisms like ABI version numbers that aren't simple integers. Even so, applying a little intelligent scrutiny to the list of results will help you sort out any spurious linkage. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matthew@infracaninophile.co.uk Kent, CT11 9PW -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwZ0BwACgkQ8Mjk52CukIxoXACfUoEVRHvj7Lc/mjjpwp2WLPnt 0kEAn3IrKC+vPIw0NRduPL/ZFtrJP3rQ =Dwna -----END PGP SIGNATURE-----