ldd(1) and untrusted binaries

While diagnosing a non-determinism Bazel issue at work, I had to compare the dynamic libraries used by two builds of the same binary. To do so, I used ldd(1) and I had to refer to its manual page to understand details of the output I had never paid attention to before. What I saw will surprise you: ldd can end up running the binary given to it, thus making it unsafe against untrusted binaries. Read on for the history I could find around this issue and what alternatives you have.

July 1, 2023 · Tags: <a href="/tags/linux">linux</a>, <a href="/tags/security">security</a>
Continue reading (about 6 minutes)