1. what is linux-gate.so
------------------------
ldd `which less`
linux-gate.so.1 => (0x00970000)
libncursesw.so.5 => /usr/lib/libncursesw.so.5 (0x00101000)
libc.so.6 => /lib/libc.so.6 (0x0098e000)
libdl.so.2 => /lib/libdl.so.2 (0x00aea000)
/lib/ld-linux.so.2 (0x00971000)
linux-gate resolves to a non-existent library. It's not really missing,
it's just that it's not a _real_ library, it's virtual thingy, a
kernel-optimized _gateway_ for system-calls that resolves to the
"sysenter" instruction in (recent) x86 environments. Explained by Johan
Petersson, at
http://www.trilithium.com/johan/2005/08/linux-gate/
You can find this by googling on
What is linux-gate.so.1
but it may be easier to remember the phrase
"Torvalds is a disgusting pig and proud of it"
which occurs within the explanation. (And links to
http://lkml.org/lkml/2002/12/18/218
which explains a strange hack within the linux-gate code -- see the
Johan Petersson post for actual assembly code)
2. What are the numbers in parentheses eg, "(0x00970000)"
---------------------------------------------------------
do this:
less /proc/self/maps
and search for things,
(replace actual numbers with what you see in your ldd output, above)
eg:
/^00970000
/^00101000
My 0097 line ends with [vdso] -- a virtual DSO (dynamically shared
object) -- see the Johan Petersson post.
My 0010 line ends with /usr/lib/libncursesw.so.5.5,
..and so on.
Evidently the numbers are load addresses for these libraries. The
/proc/XX/maps contents shows additional memory ranges, presumeably
created by the loader and by library initialization code. So.., isn't
that interesting (B.M. you there?)
3. Don't run ldd on binaries you don't trust
--------------------------------------------
According to David A. Wheeler (of sloccount fame, among other things), in
http://www.dwheeler.com/program-library/Program-Library-HOWTO/x36.html
there is a risk of executing the binary during the ldd operation.
<pre>
Beware: do not run ldd on a program you don't trust. As is clearly
stated in the ldd(1) manual, ldd works by (in certain cases) by setting
a special environment variable (for ELF objects,
LD_TRACE_LOADED_OBJECTS) and then executing the program. It may be
possible for an untrusted program to force the ldd user to run arbitrary
code (instead of simply showing the ldd information). So, for safety's
sake, don't use ldd on programs you don't trust to execute.
</pre>
I have never heard of this warning before (anyone else?), so I have
written him asking whether this is still true, since the ldd(1) no
longer contains reference to LD_TRACE_LOADED_OBJECTS or hints at
security risk, but, in the meantime, ..beware, I guess.
..jim
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-lpsg
