On Wed, Mar 12, 2014, at 15:04, FRIGN wrote:
> Impressive, but better use
> $ LD_TRACE_LOADED_OBJECTS=1 t
> instead of
> $ ldd t
> next time to prevent arbitrary code-execution[1] in case you're dealing
> with unknown binaries.

I don't know if it was here and you or somewhere else or someone else, but someone said this before and I pointed out the problems with this argument.

It's even worse in this case because you propose using

LD_TRACE_LOADED_OBJECTS=1 t

[which won't actually work, incidentally, without . in PATH] instead of

LD_TRACE_LOADED_OBJECTS=1 /lib/ld-linux.so.2 ./t

- your proposed command doesn't actually prevent the exploit (it actually makes it easier, by making it possible to exploit with a mere statically-linked program rather than a fancy ELF interpreter trick).

Also, wanting to do this with an unknown, untrusted executable is, in practice, _incredibly rare_. And since this is an executable he just built himself, it obviously doesn't apply here.

The 'safe' command [which, remember, you got wrong] is onerously long for a suggestion that people should use every time. Maybe the best way forward is to make ldd default to the safe way and require user confirmation (with a warning) before the unsafe one.
