Beware of ldd

by Alex Handy 10/26/2009 01:37 PM EST

If you use Linux and you program, you've probably used the ldd command to track down a dependency or two. If you use it with any frequency, you definitely need to read this article. Peteris Krumins explains that ldd is not an innocuous little utility, devoid of malicious possibilties. From the blog entry:

For example, you can put a malicious executable in ~/app/bin/exec and have it loaded by ~/app/lib/loader.so. If someone does `ldd /home/you/app/bin/exec` then it’s game over for them. They just ran the nasty code you had put in your executable. You can do some social engineering to get the sysadmin to execute `ldd` on your executable allowing you to gain the control over the box.

Be the first to rate this post

Currently 0/5 Stars.
1
2
3
4
5

Share this link: http://www.sdtimes.com/blog/1543

Tags: ldd, linux, programming

linux

Linux Turns 3Linus decided 20 years of Linux deserves a bump to 3.0.Linux.com relaunchesLinux.com opens to the public.Mac passes Linux as No. 2 dev platform behind Windows, study saysMore developers prefer working on the Mac OS environment than Linux, but both trail Windows by a wid...

Comments

Add comment

Name*
E-mail*
Country

b i u quote

Comment

Notify me when new comments are added

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
FEBRUARY 2012 PDF ISSUE

Need Back Issues?
DOWNLOAD HERE

Want to subscribe?

Are you at risk for burnout?
Burnout is a severe problem and it can strike at any time. Here's how to tell if you are nearing the edge.
02/09/2012 02:16 PM EST

Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.
02/07/2012 11:57 AM EST

RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!
02/04/2012 01:57 PM EST

GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.
02/03/2012 12:17 PM EST

Facebook claims hacker cred
Facebook's SEC S-1 filing form includes a short essay on the Hacker Way by Mark Zuckerberg himself.
02/02/2012 08:26 AM EST

Ryan Dahl steps down
Ryan Dahl, creator of Node.js, steps back from his position as gatekeeper for the project.
02/01/2012 04:58 PM EST