Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: what actually uses xdr_mem.c?
From: Uros Juvan (uros.juvanarnes.si)
Date: Wed Mar 26 2003 - 07:47:24 CST
Idea is cool, but it just won't work on staticaly linked files, you can
test this with:
# readelf -a /bin/ls
for example :(
I don't think there is 100% way of telling whether staticaly linked file
is linked against vulnerable xdr_mem.o, especially because obviously
rcsid string is undefined in source file.
Exept of course searching for machine bytes composing vulnerable code :)
D J Hawkey Jr wrote:
>On Mar 26, at 02:00 PM, Simon Barner wrote:
>>As far as I understood your script, it scans the output of "readelf -a", and
>>prints that file name if and only if this output contains "XDR" or "xdr". Will
>>this work if the binary is stripped (sorry in case I just overlooked something
>Yes, it does. AFAIK, all base (and port?) software is [by default] stripped
>on installation, and the environment I tested that command with had stripped
>That isn't "stupid"; it took me a little while to work up that command
>(I didn't even know about readelf(1) until someone mentioned it to me).
>I'm no ELF expert - I'm no anything expert - but it appears that the ELF
>format itself contains these "labels".
freebsd-securityfreebsd.org mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"