0

I've had a request from a vendor to set a specific environment variable against their software. I'm currently awaiting an explanation of what this actually does. However, I decided to check to see exactly what environment variables were available within the binary using "strings" (on Solaris in this case). It doesn't list the one that they're talking about though.

I think this means that the setting they're asking for isn't actually picked up in any way by the binary mentioned (or any of that vendor's binaries - I checked through the lot of them). However, I'm unsure and can't find an answer to whether running "strings" against a compiled binary will list all of the variables that it can pick up and use from the OS.

Can anyone help to confirm this?

Thanks in advance.

StuWhitby
  • 29
  • 4
  • `strings` won't even list all the strings in the binary unless you use the `-a` flag, and even then it's a heuristic search for things that look like strings, not an exact match. – alanc Nov 11 '14 at 03:23

1 Answers1

3

The fact that the variable name does not appear as a readable string in the binary does not guarantee that the program does not get its value. The environment variable name may, for example, be constructed at runtime by concatenating substrings.

nobody
  • 19,814
  • 17
  • 56
  • 77
  • That's great info, thanks Andrew. Makes it harder to confirm for sure, but even searching on some of the more pertinent _PARTS_OF_VARIABLE_ aren't showing anything. I also don't see any corresponding _PARTS_ to some of the requested variable in strings output on the core files created by the binary. This may mean that the value is NULL, but should I find some parts of that variable name in strings on a core file if it actually exists? (As you can probably tell, I think the vendor may be wasting our time on this). – StuWhitby Nov 11 '14 at 09:37
  • If you see lots of other environment variable names in the strings, *chances* are it's not obfuscated and it simply doesn't read that variable. You could investigate by looking at the binary in a disassembler and checking the calls to e.g. `getenv`. – nobody Nov 12 '14 at 02:15