| author | Michael Kerrisk <mtk.manpages@gmail.com> | 2016-07-04 17:25:03 +0200 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2016-07-05 12:44:39 +0200 |
| commit | 7106a19458685d026fa73699d7a3e13294e24677 (patch) | |
| tree | ed9a520b03c368679db7642a933bf0a2774ab8b3 | |
| parent | 0fa34fb3960b22c5ae81ad914f9632fbb4449f07 (diff) | |
| download | man-pages-7106a19458685d026fa73699d7a3e13294e24677.tar.gz | |
ldd.1: Add a little more detail on why ldd is unsafe with untrusted executables
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
| -rw-r--r-- | man1/ldd.1 | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/man1/ldd.1 b/man1/ldd.1 index d2250348ae..eb11096b8d 100644 --- a/man1/ldd.1 +++ b/man1/ldd.1 @@ -61,10 +61,23 @@ and .BR ld.so (8).) .\" .SS Security -Be aware that in some circumstances, some versions of +Be aware that in some circumstances +(e.g., where the program specifies an ELF interpreter other than +.IR ld-linux.so ), +.\" The circumstances are where the program has an interpreter +.\" other than ld-linux.so. In this case, ldd tries to execute the +.\" program directly with LD_TRACE_LOADED_OBJECTS=1, with the +.\" result that the program interpreter gets control, and can do +.\" what it likes, or pass control to the program itself. +.\" Much more detail at +.\" http://www.catonmat.net/blog/ldd-arbitrary-code-execution/ +some versions of .BR ldd may attempt to obtain the dependency information -by directly executing the program. +by attempting to directly execute the program +(which may lead to the execution of whatever code is defined +in the program's ELF interpreter, +and perhaps to execution of the program itself). .\" Mainline glibc's ldd allows this possibility (the line .\" try_trace "$file" .\" in glibc 2.15, for example), but many distro versions of |
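
Review bot: The added wording doubles the verb in the Security paragraph: "may attempt to obtain the dependency information" is now followed by "by attempting to directly execute the program". Keeping the original "by directly executing the program" and appending the new parenthetical would read more cleanly. Separately, the detail that makes the warning concrete (ldd executing the program directly with LD_TRACE_LOADED_OBJECTS=1, so that the program interpreter gets control) exists only in the .\" comment lines and will not appear in the rendered page. Consider moving a one-sentence version of it into the visible text, because the visible "(e.g., where the program specifies an ELF interpreter other than ld-linux.so)" does not by itself tell the reader why a different interpreter matters.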
