| field | value | date |
|---|---|---|
| author | Michael Kerrisk <mtk.manpages@gmail.com> | 2017-08-25 00:36:27 +0200 |
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2017-08-25 00:37:36 +0200 |
| commit | e5486b10fa9abf51a2e952b1c15070588b6ef7c7 | |
| tree | fff613a4bbc0b9b47cf013db78a685561fdaee35 /man1 | |
| parent | 36454047ec7cb01157058a922a9089724da5b2c9 | |
| download | man-pages-e5486b10fa9abf51a2e952b1c15070588b6ef7c7.tar.gz | |
ldd.1: Add more detail on ldd security implications, noting glibc 2.27 changes
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Diffstat (limited to 'man1')
| -rw-r--r-- | man1/ldd.1 | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/man1/ldd.1 b/man1/ldd.1 index 6a57d3963c..c066b64e01 100644 --- a/man1/ldd.1 +++ b/man1/ldd.1 @@ -75,14 +75,21 @@ Be aware that in some circumstances some versions of .BR ldd may attempt to obtain the dependency information -by attempting to directly execute the program -(which may lead to the execution of whatever code is defined +by attempting to directly execute the program, +which may lead to the execution of whatever code is defined in the program's ELF interpreter, -and perhaps to execution of the program itself). +and perhaps to execution of the program itself. .\" Mainline glibc's ldd allows this possibility (the line .\" try_trace "$file" .\" in glibc 2.15, for example), but many distro versions of .\" ldd seem to remove that code path from the script. +(Until glibc version 2.27, + .\" glibc commit eedca9772e99c72ab4c3c34e43cc764250aa3e3c +the upstream +.B ldd +implementation did this for example, +although most distributions provided a modified version that did not.) +.PP Thus, you should .I never employ |
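Review bot: The retained source comment just above the added parenthetical still says "Mainline glibc's ldd allows this possibility" in the present tense, while the new rendered text says "(Until glibc version 2.27, ... the upstream ldd implementation did this". The two now disagree for current glibc, so the old comment should be reworded to the past tense or merged with the new commit reference. In the added lines, the `.\" glibc commit eedca9772e99c72ab4c3c34e43cc764250aa3e3c` comment is shown with a leading space; if that space is in the file, roff treats the line as text and breaks the output line there, so it should start in column one like the other comment lines. The phrase "did this for example," would read better as "did this, for example,". Because the `.PP` now separates the explanation from "Thus, you should never employ", check that the rendered warning still reads as following from the paragraph before it.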
