-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmail-discuss.txt
53 lines (50 loc) · 2.9 KB
/
mail-discuss.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
3/20/2017 3:53 PM
> + Extract information from file system: done.
> Currently, I haven't found a way to extract `version info` from a library file or a directory which contains the file.
> Instead, I tried to extract following information: `Modify datetime, Size, MD5Sum, Build-ID` with an assumption that `Modify datetime` could be the compilation date of the file.
For compiled programs this is reasonable assumption. For installed (from a
package manager) software, the modify date is most likely the date in which it was
installed.
> ### Notes:
> + Some program installed a bunch of files (many libraries) in a directory, not just ONLY ONE file.
Yes, absolutely. A program can also install many executables as well.
> + Version showed in library name sometimes is not matched with actual version reported by Package Manager.
Of course. As I explained in softdev, the version of the library has a
special meaning and it does not (and it should not) follow the version of
the package that contains it.
> + Extract information by GIT method.
Ack
===============================
Just one point about the first task, since you are already started
working on it. When I said APT-based I think the most important part
would be to identify components (programs or libraries) which are
not installed by an official repository.
So, two things:
1. APT can tell you which package installed which file.
So, if you have any binaries or libraries (e.g., under /usr/lib)
which do not come from a package.. those are interesting files.
2. If a file comes from a package but the package is not part of the
repositories in /etc/atp/sources -> it means it was manually installed,
and it wont be automatically updated. Again, this is an interesting
target.
Everything else we don't care, as it is managed by the packer manager
and updated by it.
===============================
- We should consider both Linux and Windows
* In linux the packer manager provides lots of information. Also man
pages and git directories can be useful.
* In windows, the registry, the file path, as well as icons and entries
in the menu can be very valuable sources of information.
Maybe also the browser log can be useful to see which program was
downloaded
- In the two cases, the goal is to find which programs/libraries are present on disk.
- Then, for each program we should be able to tell if it is the last version and
when the last version was released (i.e., if the software seems to still be
maintained).
There are several ways to do that:
* By somehow extracting the version of the program and comparing with
the last available on the web
* By extracting the compilation date of the binary and comparing with
the release date of the last available on the web
* (in collaboration with Symantec) by checking if others users have
the same program with a different hash but installed more recently