Checking Reverse Dependencies in Linux

DependenciesAll modern Unix operating systems provide softwares as packages. I remember the good old times in the ’90s when you had to compile all the applications from their source code. Compiling source code has advantages: you enable only the features you need and perform configuration tweaks as you want. But it’s also a pain to manage dependencies! You should have all the required libraries and tools pre-installed and with the right versions! Today, package managers are very convenient and take care of all the boring stuff.

If package managers handle perfectly dependencies (they will install all extra packages required for you), they also have interesting features like checking for “reverse dependencies“: to give a list of packages using a given package. From a security point of view it can be very useful.¬†Think about the recent issue discovered in the gnutls code (GNUTLS-SA-2014-2). While waiting for a patch to fix such important vulnerability, it could be interesting to know what tools & applications are using this piece of code and to try to mitigate the impact. How to achieve this?

On Debian/Ubuntu, use the apt-cache command with the “rdepends” keyword:

root@kali:~# apt-cache rdepends libgnutls26
libgnutls26
Reverse Depends:
 telepathy-gabble
 libvirt0
 libvirt-bin
 libgnutlsxx27
 [...]

On Fedora, CentOS or RedHat, use the rpm command with the “–whatrequires” flag:

[root@dom0 ~]# rpm -q --whatrequires openssl
openssh-4.3p2-72.el5_7.5
curl-7.15.5-9.el5_7.4
openssl-perl-0.9.8e-22.el5_8.3
[...]

For the story, libgnutls26 is used by 184 packages on my core Ubuntu home server! Those commands can save you some time and headaches…

3 comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.