On Fri, 2004-03-19 at 12:40, Joel Osburn wrote:
> Hence the discussion yesterday in this thread. Jeremy Huddleston
> suggested doing "readelf -s <exec> | grep <symbol>". I'm no guru, and
> don't totally understand what a file containing any given symbol means,
> but if this command does indeed show if a file was statically compiled
> against a given library, then there are a lot of things that need to be
> recompiled. Put it in a little script and run it against my /usr/bin/
> shows such files as ftp, links2, mutt, ssh, and wget. That doesn't
> sound right to me, but... how can I prove it one way or the other?

FYI: if the symbol appears in the ELF file, and it was dynamically
linked to libssl, you probably don't need to worry about it.

Keeping track of statically compiled dependencies through portage is a
good idea; in the meantime, here's a simple script to search your
system:
Warning! This takes a while to run, 15 min. on my system. It is not
guaranteed to be exhaustive, and it may fry your hard drive. On my
system, it returned three false positives.

#!/bin/bash

# I probably should have had this only check binaries coming from
# packages which depend on ssl, but I wanted to be sure

for d in /bin /lib /sbin /usr/bin /usr/lib /usr/libexec /usr/sbin \
         /usr/X11R6/bin /usr/X11R6/lib /usr/games/bin /opt
do
    # -perm /0111 matches any execute bit; current GNU find rejects
    # the older "+0111" spelling. -print0 keeps odd file names intact.
    find "$d" -type f -perm /0111 -print0 2>/dev/null |
    while IFS= read -r -d '' i
    do
        # skip anything that is not an ELF object
        file "$i" | grep -q ELF || continue
        # skip files that are dynamically linked to libssl
        ldd "$i" 2>/dev/null | grep -q libssl && continue
        # skip files whose symbol tables list no SSL_ symbols
        readelf -s "$i" 2>/dev/null | grep -q " SSL_" || continue
        # remaining: SSL_ symbols present, no dynamic link to libssl
        echo "$i"
    done
done

--
gentoo-security@g.o mailing list
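
The question in the quoted message, what it means for a file to "contain" a symbol, comes down to the Ndx column of `readelf -s`: UND marks a function imported from a shared library, while a section number means the code sits inside the file. The following is an added example, not part of the original message; the function name `classify_ssl_symbols` and the sample symbol rows are constructed for illustration.

```bash
#!/bin/bash
# Added example: classify SSL_ function symbols in `readelf -sW` output
# read from stdin.
#   defined  - at least one SSL_ function has a real section index, so the
#              code is inside this file (statically linked, or the file is
#              itself a library that implements SSL_*)
#   imported - SSL_ functions appear only as UND, resolved at run time
#   none     - no SSL_ functions listed (a stripped file also ends up here)
classify_ssl_symbols() {
    awk '
        # symbol rows look like: Num: Value Size Type Bind Vis Ndx Name
        $1 ~ /^[0-9]+:$/ && $4 == "FUNC" && $8 ~ /^SSL_/ {
            if ($7 == "UND") undef++; else local_def++
        }
        END {
            if (local_def)  print "defined"
            else if (undef) print "imported"
            else            print "none"
        }'
}

# Constructed sample: a client that imports SSL_ functions from libssl.so
SAMPLE_DYNAMIC='   Num:    Value          Size Type    Bind   Vis      Ndx Name
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND SSL_new
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND SSL_connect
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf'

# Constructed sample: the same functions carried inside the file (section 13)
SAMPLE_STATIC='   Num:    Value          Size Type    Bind   Vis      Ndx Name
     1: 0000000000412a40   118 FUNC    GLOBAL DEFAULT   13 SSL_new
     2: 0000000000413b10   342 FUNC    GLOBAL DEFAULT   13 SSL_connect
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf'

# Run both constructed samples through the classifier.
printf '%s\n' "$SAMPLE_DYNAMIC" | classify_ssl_symbols
printf '%s\n' "$SAMPLE_STATIC"  | classify_ssl_symbols

# On a real file: readelf -sW /path/to/binary | classify_ssl_symbols
```

A result of "none" does not clear a file: a stripped static binary has no symbol table left to inspect, which is one reason a symbol search cannot be exhaustive.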