| 1 |
On Fri, 2004-03-19 at 12:40, Joel Osburn wrote: |
| 2 |
> Hence the discussion yesterday in this thread. Jeremy Huddleston |
| 3 |
> suggested doing "readelf -s <exec> | grep <symbol>". I'm no guru, and |
| 4 |
> don't totally understand what a file containing any given symbol means, |
| 5 |
> but if this command does indeed show if a file was statically compiled |
| 6 |
> against a given library, then there are a lot of things that need to be |
| 7 |
> recompiled. Put it in a little script and run it against my /usr/bin/ |
| 8 |
> shows such files as ftp, links2, mutt, ssh, and wget. That doesn't |
| 9 |
> sound right to me, but... how can I prove it one way or the other? |
| 10 |
|
| 11 |
FYI: if the symbol appears in the ELF file, and it was dynamically |
| 12 |
linked to libssl, you probably don't need to worry about it. |
| 13 |
|
| 14 |
Keeping track of statically compiled dependencies through portage is a |
| 15 |
good idea, in the mean time here's a simple script to search your |
| 16 |
system: |
| 17 |
Warning! This takes a while to run, 15 min. on my system. It is not |
| 18 |
guaranteed to be exhaustive, and it may fry your hard drive. On my |
| 19 |
system, it returned three false positives. |
| 20 |
|
| 21 |
|
| 22 |
#!/bin/bash |
| 23 |
|
| 24 |
# I probably should have had this only check binaries coming from |
| 25 |
# packages which depend on ssl, but I wanted to be sure |
| 26 |
|
| 27 |
for d in /bin /lib /sbin /usr/bin /usr/lib /usr/libexec /usr/sbin \ |
| 28 |
/usr/X11R6/bin /usr/X11R6/lib /usr/games/bin /usr/games/bin /opt |
| 29 |
do |
| 30 |
for i in `find $d -type f -perm +0111` |
| 31 |
do |
| 32 |
file $i | grep ELF >/dev/null || continue |
| 33 |
ldd $i | grep libssl >/dev/null && continue |
| 34 |
readelf -s $i | grep " SSL_" >/dev/null || continue |
| 35 |
echo $i |
| 36 |
done |
| 37 |
done |
| 38 |
|
| 39 |
|
| 40 |
-- |
| 41 |
gentoo-security@g.o mailing list |
Archives