Table of Contents
With libraries we are talking about dynamically linked libraries (aka shared objects). These are binaries that contain functions and are not started themselves as programs, but are called by other binaries.
Several programs can use the same library. The name of the library file usually starts with lib, followed by the actual name of the library, then the chracters .so and finally a version number.
When you look at the /lib or the /usr/lib directory, you will see a lot of symbolic links. Most libraries have a detailed version number in their name, but receive a symbolic link from a filename which only contains the major version number.
root@rhel53 ~# ls -l /lib/libext* lrwxrwxrwx 1 root root 16 Feb 18 16:36 /lib/libext2fs.so.2 -> libext2fs.so.2.4 -rwxr-xr-x 1 root root 113K Jun 30 2009 /lib/libext2fs.so.2.4
Many programs have dependencies on the installation of certain libraries. You can display these dependencies with ldd.
This example shows the dependencies of the su command.
paul@RHEL5 ~$ ldd /bin/su linux-gate.so.1 => (0x003f7000) libpam.so.0 => /lib/libpam.so.0 (0x00d5c000) libpam_misc.so.0 => /lib/libpam_misc.so.0 (0x0073c000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x00aa4000) libdl.so.2 => /lib/libdl.so.2 (0x00800000) libc.so.6 => /lib/libc.so.6 (0x00ec1000) libaudit.so.0 => /lib/libaudit.so.0 (0x0049f000) /lib/ld-linux.so.2 (0x4769c000)
The ltrace program allows to see all the calls made to library functions by a program. The example below uses the -c option to get only a summary count (there can be many calls), and the -l option to only show calls in one library file. All this to see what calls are made when executing su - serena as root.
root@deb503:~# ltrace -c -l /lib/libpam.so.0 su - serena serena@deb503:~$ exit logout % time seconds usecs/call calls function ------ ----------- ----------- --------- -------------------- 70.31 0.014117 14117 1 pam_start 12.36 0.002482 2482 1 pam_open_session 5.17 0.001039 1039 1 pam_acct_mgmt 4.36 0.000876 876 1 pam_end 3.36 0.000675 675 1 pam_close_session 3.22 0.000646 646 1 pam_authenticate 0.48 0.000096 48 2 pam_set_item 0.27 0.000054 54 1 pam_setcred 0.25 0.000050 50 1 pam_getenvlist 0.22 0.000044 44 1 pam_get_item ------ ----------- ----------- --------- -------------------- 100.00 0.020079 11 total
Find out on Debian/Ubuntu to which package a library belongs.
paul@deb503:/lib$ dpkg -S libext2fs.so.2.4 e2fslibs: /lib/libext2fs.so.2.4
You can then verify the integrity of all files in this package using debsums.
paul@deb503:~$ debsums e2fslibs /usr/share/doc/e2fslibs/changelog.Debian.gz OK /usr/share/doc/e2fslibs/copyright OK /lib/libe2p.so.2.3 OK /lib/libext2fs.so.2.4 OK
Should a library be broken, then reinstall it with aptitude reinstall $package.
root@deb503:~# aptitude reinstall e2fslibs Reading package lists... Done Building dependency tree Reading state information... Done Reading extended state information Initializing package states... Done Reading task descriptions... Done The following packages will be REINSTALLED: e2fslibs ...
Find out on Red Hat/Fedora to which package a library belongs.
paul@RHEL5 ~$ rpm -qf /lib/libext2fs.so.2.4 e2fsprogs-libs-1.39-8.el5
You can then use rpm -V to verify all files in this package. In the example below the output shows that the Size and the Time stamp of the file have changed since installation.
root@rhel53 ~# rpm -V e2fsprogs-libs prelink: /lib/libext2fs.so.2.4: prelinked file size differs S.?....T /lib/libext2fs.so.2.4
You can then use yum reinstall $package to overwrite the existing library with an original version.
root@rhel53 lib# yum reinstall e2fsprogs-libs Loaded plugins: rhnplugin, security Setting up Reinstall Process Resolving Dependencies --> Running transaction check ---> Package e2fsprogs-libs.i386 0:1.39-23.el5 set to be erased ---> Package e2fsprogs-libs.i386 0:1.39-23.el5 set to be updated --> Finished Dependency Resolution ...
The package verification now reports no problems with the library.
root@rhel53 lib# rpm -V e2fsprogs-libs root@rhel53 lib#
More detailed tracing of all function calls can be done with strace. We start by creating a read only file.
root@deb503:~# echo hello > 42.txt root@deb503:~# chmod 400 42.txt root@deb503:~# ls -l 42.txt -r-------- 1 root root 6 2011-09-26 12:03 42.txt
We open the file with vi, but include the strace command with an output file for the trace before vi. This will create a file with all the function calls done by vi.
root@deb503:~# strace -o strace.txt vi 42.txt
The file is read only, but we still change the contents, and use the :w! directive to write to this file. Then we close vi and take a look at the trace log.
root@deb503:~# grep chmod strace.txt chmod("42.txt", 0100600) = -1 ENOENT (No such file or directory) chmod("42.txt", 0100400) = 0 root@deb503:~# ls -l 42.txt -r-------- 1 root root 12 2011-09-26 12:04 42.txt
Notice that vi changed the permissions on the file twice. The trace log is too long to show a complete screenshot in this book.
root@deb503:~# wc -l strace.txt 941 strace.txt