Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
GuB-42
on July 24, 2023
|
parent
|
context
|
favorite
| on:
ldd arbitrary code execution (2009)
Because you may want ldd to work when the program is using a different loader. Not all nonstandard loaders are malicious.
If you want to avoid this risk, use something else, like readelf or lddtree.
eek2121
on July 24, 2023
|
next
[–]
This attitude is why this issue exists in the first place.
planede
on July 24, 2023
|
prev
[–]
ldd's implementation relies on the assumption that the loader respects the LD_TRACE_LOADED_OBJECTS environment variable. Do all non-malicious loaders need to respect this environment variable and implement GNU ld.so's behavior?
Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
If you want to avoid this risk, use something else, like readelf or lddtree.