[Techtalk] Re: Zlib vulnerability (fwd)

Jp Calderone kuran42 at yahoo.com
Tue Mar 12 17:12:29 EST 2002 

(In bash) You can use this to find all the statically linked executables 
on a system:

find / -perm +111 | xargs -iFILE bash -c "
  if file "FILE" | grep statically > /dev/null 2>&1; then
    echo FILE;
fi
"
There's probably a way to do it without the bash-per-file invocation, 
but I can't
work out just how at the moment...

<why>
find's behavior here is to print out all files in the given directory 
("/") and all its
subdirectories that match the given predicate, which is that they must 
have at
least one bit from the permission mask provide, "111".  "111" indicates 
that the
file is executable to some user.  xargs simply applies the given command to
each of its inputs.
</why>

On my system this turned up about 10 files, most of which were system 
utlities
that could potentially be used during bootup, e2fsck, and some trivial 
helper
programs like cmp, and of course, vmlinuz; I think, aside from the 
kernel, most
systems will be in little danger of having statically linked zlib 
programs, but YMMV,
and it never hurts to be sure :)  Once you find the static binaries, a 
grep for something
like "inflate" will probably show if it uses zlib for decompression or 
not; even if it has
been stripped, zlib has a few string literals that should still cause a 
match .

  Hope this is helpful...

Raven, corporate courtesan wrote:

>Heya --
>
>	From an offlist conversation I was having with a friend about
>the zlib vulnerability, forwarded with permission:
>
>----- Begin forwarded message -----
>
>>>dynamic linking here. :)
>>>
>>	Apparantly me too, since patching it didn't break anything.  
>>
>It wouldn't break anything anyway, as statically linked programs 
>would not be affected. apt-get or urmpi are your friends. :)
>
>>How do you tell?
>>
>You have to know which programs use static linking. Not that many do. 
>(Sometimes things like bash or ash do, to stop library compromises 
>affecting your root shell, but they wouldn't be using zlib).
>----- End forwarded message -----
>
>	So, does anyone here know what actually uses zlib under Linux
>that would use static linking?  I've no idea.
>
>Thanks in advance,
>Raven
>
>"Sed, sed, awk.  Like duck, duck, goose.  Sync, sync, halt.  It's the
> order of nature."
>  -- me, after too long a day at work
>_______________________________________________
>Techtalk mailing list
>Techtalk at linuxchix.org
>http://mailman.linuxchix.org/mailman/listinfo/techtalk
>

More information about the Techtalk mailing list