All modern Unix operating systems provide software as packages. I remember the good old times in the ’90s when you had to compile all the applications from their source code. Compiling source code has advantages: you enable only the features you need and perform configuration tweaks as you want. But it’s also a pain to manage dependencies! You should have all the required libraries and tools pre-installed and with the right versions! Today, package managers are very convenient and take care of all the boring stuff.
Package managers handle dependencies well (they install all the extra packages required for you), and they also have interesting features like checking for “reverse dependencies”: listing the packages that use a given package. From a security point of view this can be very useful. Think about the recent issue discovered in the gnutls code (GNUTLS-SA-2014-2). While waiting for a patch to fix such an important vulnerability, it is useful to know which tools & applications use this piece of code so that you can try to mitigate the impact. How to achieve this?
On Debian/Ubuntu, use the apt-cache command with the “rdepends” keyword:
    root@kali:~# apt-cache rdepends libgnutls26
    libgnutls26
    Reverse Depends:
      telepathy-gabble
      libvirt0
      libvirt-bin
      libgnutlsxx27
    [...]
On Fedora, CentOS or RedHat, use the rpm command with the “--whatrequires” flag:
    [root@dom0 ~]# rpm -q --whatrequires openssl
    openssh-4.3p2-72.el5_7.5
    curl-7.15.5-9.el5_7.4
    openssl-perl-0.9.8e-22.el5_8.3
    [...]
For the record, libgnutls26 is used by 184 packages on my core Ubuntu home server! Those commands can save you some time and headaches…
And in FreeBSD it's
pkg query "%rn" gnutls
(%r = reverse depends, n = name)
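The three commands above can be wrapped so that each platform returns the same thing: a de-duplicated list of installed package names that depend on a given package. This is an added example, not code from the original post; the function names are hypothetical, the `--installed` option of apt-cache and the `--qf` query format of rpm are additions to the commands shown, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: list installed packages that depend on a given package.

# Normalise `apt-cache rdepends` output read from stdin. Header lines start in
# column 0; dependency entries are indented, and a leading "|" marks an
# alternative dependency. Keep only the entries, strip the prefix, de-duplicate.
parse_apt_rdepends() {
    sed -n 's/^[[:space:]|]\{1,\}//p' | LC_ALL=C sort -u
}

# Print one reverse dependency per line using whichever tool is available.
rdeps() {
    pkg_name=$1
    if command -v apt-cache >/dev/null 2>&1; then
        # --installed limits the list to packages present on this host
        apt-cache rdepends --installed "$pkg_name" | parse_apt_rdepends
    elif command -v rpm >/dev/null 2>&1; then
        # rpm -q only queries the installed database; --qf prints bare names.
        # rpm reports "no package requires ..." when nothing matches.
        rpm -q --whatrequires "$pkg_name" --qf '%{NAME}\n' 2>/dev/null |
            grep -v '^no package requires' | LC_ALL=C sort -u
    elif command -v pkg >/dev/null 2>&1; then
        pkg query '%rn' "$pkg_name" | LC_ALL=C sort -u
    else
        echo "no supported package manager found" >&2
        return 1
    fi
}

# Constructed sample in apt-cache format (duplicate and "|" entry added on purpose).
sample_apt_output() {
    printf '%s\n' 'libgnutls26' 'Reverse Depends:' '  telepathy-gabble' \
        '  libvirt0' ' |libvirt-bin' '  libvirt0' '  libgnutlsxx27'
}

if [ "$#" -ge 1 ]; then
    rdeps "$1"                      # e.g. ./rdeps.sh libgnutls26
else
    sample_apt_output | parse_apt_rdepends
fi
```

Piping the result through `wc -l` gives the number of affected packages on the host.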