|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: what actually uses xdr_mem.c?
From: Uros Juvan (uros.juvan
arnes.si)
Date: Wed Mar 26 2003 - 07:47:24 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Idea is cool, but it just won't work on staticaly linked files, you can
test this with:
# readelf -a /bin/ls
for example :(
I don't think there is 100% way of telling whether staticaly linked file
is linked against vulnerable xdr_mem.o, especially because obviously
rcsid string is undefined in source file.
Exept of course searching for machine bytes composing vulnerable code :)
Regards,
Uros Juvan
D J Hawkey Jr wrote:
>On Mar 26, at 02:00 PM, Simon Barner wrote:
>
>
>>As far as I understood your script, it scans the output of "readelf -a", and
>>prints that file name if and only if this output contains "XDR" or "xdr". Will
>>this work if the binary is stripped (sorry in case I just overlooked something
>>stupid :-)
>>
>>
>
>Yes, it does. AFAIK, all base (and port?) software is [by default] stripped
>on installation, and the environment I tested that command with had stripped
>binaries.
>
>That isn't "stupid"; it took me a little while to work up that command
>(I didn't even know about readelf(1) until someone mentioned it to me).
>I'm no ELF expert - I'm no anything expert - but it appears that the ELF
>format itself contains these "labels".
>
>
>
>>Regards,
>> Simon
>>
>>
>
>Dave
>
>
>
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]