Bug 11072 - w3af source contains binary ELF file, where source cannot be found
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Guillaume Rousse
Reported: 2013-08-24 04:26 CEST by Funda Wang
Modified: 2013-09-01 15:43 CEST

Source RPM: w3af-1.5-2.mga4.src.rpm

Description Funda Wang 2013-08-24 04:26:30 CEST
$ pwd
/home/fundawang/w3af/BUILD/w3af-1.5
$ find -name *.so
./plugins/attack/db/sqlmap/udf/mysql/linux/32/lib_mysqludf_sys.so
./plugins/attack/db/sqlmap/udf/mysql/linux/64/lib_mysqludf_sys.so
./plugins/attack/db/sqlmap/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
./plugins/attack/db/sqlmap/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
./plugins/attack/db/sqlmap/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
./plugins/attack/db/sqlmap/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
./plugins/attack/db/sqlmap/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
./plugins/attack/db/sqlmap/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
./plugins/attack/db/sqlmap/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
./plugins/attack/db/sqlmap/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
$ file plugins/attack/db/sqlmap/udf/mysql/linux/32/lib_mysqludf_sys.so
plugins/attack/db/sqlmap/udf/mysql/linux/32/lib_mysqludf_sys.so: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped

I doubt such a package could be put into the core section of Mageia. If those files are also distributed under the GPL, then you must solve the problem of w3af.noarch.rpm requiring both libc.so.6 and libc.so.6()(64bit), which cannot be solved on the i586 arch.

Regards.

Funda Wang 2013-08-24 04:27:38 CEST

Assignee: bugsquad => guillomovitch

Comment 1 Guillaume Rousse 2013-09-01 15:43:58 CEST
Those binary files are exploits, intended to be run on the attacked target. There are also Windows binaries among them. They are part of the software, as any other kind of resources, and governed by the same license.

I just disabled automatic dependencies and debug package creation, as for the metasploit package, which has exactly the same issue.

Status: NEW => RESOLVED
Resolution: (none) => FIXED
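
A packaging-side audit for the situation discussed in this bug, as an added example that is not part of the report, of w3af or of the Mageia package: it finds prebuilt ELF and PE files in an unpacked source tree from their header bytes and flags a tree that ships both 32- and 64-bit ELF objects, the case behind the libc.so.6 and libc.so.6()(64bit) requirements. The function names are hypothetical and the sample tree is constructed.

```python
from pathlib import Path
import tempfile

ELF_CLASS = {1: "ELF32", 2: "ELF64"}  # values of e_ident[EI_CLASS]

def classify(path):
    """Return 'ELF32', 'ELF64', 'PE' or None, judged from header bytes only."""
    with open(path, "rb") as fh:
        head = fh.read(18)
    if len(head) >= 18 and head[:4] == b"\x7fELF":
        return ELF_CLASS.get(head[4])
    if head[:2] == b"MZ":  # DOS stub that precedes a PE image (heuristic)
        return "PE"
    return None

def audit_tree(root):
    """Map relative path -> kind for every prebuilt binary under root."""
    found = {}
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        kind = classify(path)
        if kind:
            found[path.relative_to(root).as_posix()] = kind
    return found

def mixed_word_sizes(found):
    """True when the tree ships both ELF32 and ELF64 objects."""
    return {"ELF32", "ELF64"} <= set(found.values())

def build_sample_tree(root):
    """Constructed sample: header-only stand-ins, not real libraries."""
    def elf(cls):  # 16-byte e_ident + e_type = ET_DYN (3), little-endian
        return b"\x7fELF" + bytes([cls, 1, 1]) + b"\0" * 9 + b"\x03\x00"
    samples = {
        "udf/linux/32/lib_sample.so": elf(1),
        "udf/linux/64/lib_sample.so": elf(2),
        "udf/windows/sample.dll": b"MZ" + b"\0" * 62,
        "core/scanner.py": b"print('hello')\n",
    }
    for rel, data in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = audit_tree(tmp)
        print(sorted(report.items()), mixed_word_sizes(report))
```

Pointing audit_tree at an unpacked BUILD directory lists what to review before deciding whether automatic dependency generation can stay enabled.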

