List apps linked against a potentially heartbleed-vulnerable openssl on your Mac
for i in /usr/local/{bin,sbin}/*; do otool -L "$i"; done | sed -e '/^.*is not an object file.*$/d' -e 's|^\(/.*\):$|@\1|' | awk 'BEGIN { RS="@" } !/ssl/ { next } !/^[[:space:]]*(\/.*ssl\.0\.9\.8.*\.dylib)/ { print $1 }'
hawko2600 commented Apr 9, 2014

Interesting things I discovered during this exercise:
• common system tools use all the wrong default behaviours for 2014. Who the heck wants BRE? Where's negative lookahead assertion? Why won't awk match form feed? This gist could be a lot shorter / sensible.
• you can force sed to ERE with -E. No such option exists for awk.
• saving two characters in your sed command by using 3 to turn on ERE is not a win, even if the regexp is slightly more readable.
• this gist will give false positives, because otool reports e.g. openssl 1.0.1g as 1.0.0, so it's not possible to just match vulnerable versions, as vulnerable and not vulnerable 1.0's appear the same. Fixing this doubles the command length, more or less.
• github.com renewed their SSL cert quickly. Good Guy Github :)
• option+8 makes dots. ••••••••••••••••••••
• ᗧ • • • ᗣ
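
The false positives described in the comment above (otool reports 1.0.1g as 1.0.0) can be narrowed by reading the version banner from the linked library itself and comparing it with the Heartbleed-affected range (1.0.1 through 1.0.1f, plus the 1.0.2 betas up to beta1). The following is an added example, not part of the gist: the function names and the sample otool output are constructed, and it assumes the dylib embeds an "OpenSSL <version> <date>" banner that `strings` can read.

```shell
#!/bin/sh
# Added example, not part of the gist. Function names and sample data are constructed.

# Constructed `otool -L` output for three hypothetical binaries.
sample_otool() {
  printf '%s\n' '/usr/local/bin/alpha:'
  printf '\t%s\n' '/usr/local/opt/openssl/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)'
  printf '\t%s\n' '/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1197.1.1)'
  printf '%s\n' '/usr/local/bin/beta:'
  printf '\t%s\n' '/usr/lib/libssl.0.9.8.dylib (compatibility version 0.9.8, current version 50.0.0)'
  printf '%s\n' '/usr/local/bin/gamma:'
  printf '\t%s\n' '/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1197.1.1)'
}

# stdin: otool -L output. stdout: "binary<TAB>library" per linked libssl/libcrypto.
linked_ssl_libs() {
  awk '
    /^\/.*:$/ { bin = substr($0, 1, length($0) - 1); next }  # header line "path:"
    /^[ \t]+[^ \t]*lib(ssl|crypto)\./ { print bin "\t" $1 }
  '
}

# stdin: strings from a library. stdout: first OpenSSL version found in a banner.
version_from_banner() {
  sed -n 's/.*OpenSSL \([0-9][^ ]*\) .*/\1/p' | head -n 1
}

# Heartbleed affects 1.0.1 through 1.0.1f and the 1.0.2 betas up to beta1.
# Anything outside the listed ranges is reported as unknown rather than guessed.
heartbleed_status() {
  case "$1" in
    1.0.1|1.0.1[a-f]|1.0.2-beta|1.0.2-beta1) echo vulnerable ;;
    0.9.8*|1.0.0*|1.0.1[g-z]*) echo not-vulnerable ;;
    *) echo unknown ;;
  esac
}

# macOS-only driver (needs otool and strings); not called automatically.
scan_usr_local() {
  tab=$(printf '\t')
  for f in /usr/local/bin/* /usr/local/sbin/*; do
    otool -L "$f" 2>/dev/null
  done | linked_ssl_libs | while IFS="$tab" read -r bin lib; do
    ver=$(strings "$lib" 2>/dev/null | version_from_banner)
    printf '%s\t%s\t%s\t%s\n' "$bin" "$lib" "${ver:-?}" "$(heartbleed_status "$ver")"
  done
}
```

On a Mac, source the file and run `scan_usr_local`; a library whose banner cannot be read is reported as `unknown` and needs a manual check.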