ldd(1) and untrusted binaries
While diagnosing a non-determinism Bazel issue at work, I had to compare the dynamic libraries used by two builds of the same binary. To do so, I used ldd(1) and I had to refer to its manual page to understand details of the output I had never paid attention to before. What I saw will surprise you: ldd can end up running the binary given to it, thus making it unsafe against untrusted binaries. Read on for the history I could find around this issue and what alternatives you have.
July 1, 2023
·
Tags:
<a href="/tags/linux">linux</a>, <a href="/tags/security">security</a>
Continue reading (about
6 minutes)
Featured software
Featured posts
- Fast machines, slow machines
- EndBASIC 0.10: Core language, evolved
- Farewell, Microsoft; hello, Snowflake!
- Rust is hard, yes, but does it matter?
- Rust traits and dependency injection
- A year on Windows: Introduction
- Always be quitting
- How does Google keep build times low?
- How does Google avoid clean builds?
- Unit-testing a console app (a text editor)
- More...
