On Fri, Oct 31, 2008 at 12:30:39PM -0400, Phil Estes wrote:
>On Fri, 2008-10-31 at 04:48 -0500, Rob Landley wrote:
>
>>
>> I don't know what happens if you run gnu ldd on a program that does an
>> rm -rf / when run with no arguments, and I'm not sure I _want_ to know.
>> Readelf gives you all the data you actually _need_; ldd merely formats the
>> output more conveniently. There's no need to run the binary, and lots of
>> reasons not to.
>>
>> Rob
>
>I'm pretty sure everyone would agree with you--even glibc :) Just to
>make sure this myth is not spread further, glibc ldd does not "run" the
>program--it sets 2 environment variables that tell the dynamic loader
>(ld-linux..) to simply resolve all dynamic symbols immediately, trace
>the loaded objects, and then list them..all without ever executing the
>application.
>
>See ld-linux man page, ref: LD_BIND_NOW, LD_TRACE_LOADED_OBJECTS. You
>can easily confirm by running ldd on any program that would perform a
>visible/recognizable action--then you can see that the action is not
>performed. Or, if you are still paranoid, create your own binary, use
>your favorite tracing/debug method, see if you can get a "hit" on main()
>execution..I think you'll be happy to see your program is never run..

I was thinking about not executing the program if trace is requested,
but somehow this sounds like a potential problem to me, no?
Or is it fine to assume that if somebody boots with that
trace-requesting variable in her commandline that it's perfectly fine
not to run any (dynamic) program? Would make me nervous, not sure..
_______________________________________________
uClibc mailing list
[email protected]
http://busybox.net/cgi-bin/mailman/listinfo/uclibc
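The quoted point that readelf provides the dependency data without running the binary, as an added example (not code from this thread or from uClibc): a parser that lists the DT_NEEDED entries of a little-endian ELF64 image purely by reading bytes. The names `needed_libs` and `build_sample` are hypothetical, and the sample image is constructed for the example.

```python
import struct
PT_LOAD, PT_DYNAMIC = 1, 2                 # program header types
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5    # dynamic section tags

def needed_libs(data):
    """List DT_NEEDED names of a little-endian ELF64 image by parsing only."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    phoff, phentsize, phnum = struct.unpack_from("<Q14xHH", data, 0x20)
    loads, dyn = [], (0, 0)
    for i in range(phnum):
        p_type, _, off, vaddr, _, filesz = struct.unpack_from(
            "<IIQQQQ", data, phoff + i * phentsize)
        if p_type == PT_LOAD:
            loads.append((vaddr, off, filesz))
        elif p_type == PT_DYNAMIC:
            dyn = (off, filesz)
    needed, strtab = [], None
    for pos in range(dyn[0], dyn[0] + dyn[1] - 15, 16):
        tag, val = struct.unpack_from("<qQ", data, pos)
        if tag == DT_NULL:
            break
        if tag == DT_NEEDED:
            needed.append(val)   # offset into the dynamic string table
        elif tag == DT_STRTAB:
            strtab = val         # virtual address, not a file offset
    if not needed:
        return []                # static binary or no dependencies
    for vaddr, off, filesz in loads:   # map DT_STRTAB to a file offset
        if strtab is not None and vaddr <= strtab < vaddr + filesz:
            base = off + strtab - vaddr
            return [data[base + n:data.index(b"\0", base + n)].decode("latin-1")
                    for n in needed]
    raise ValueError("DT_STRTAB missing or outside every PT_LOAD segment")

def build_sample(libs=(b"libc.so.0", b"libm.so.0"), va=0x400000):
    """Constructed sample image: ELF header, two phdrs, .dynamic, string table."""
    strtab, dyn = b"\0", b""
    for lib in libs:
        dyn += struct.pack("<qQ", DT_NEEDED, len(strtab))
        strtab += lib + b"\0"
    d_len = len(dyn) + 32              # plus the DT_STRTAB and DT_NULL entries
    dyn += struct.pack("<qQqQ", DT_STRTAB, va + 176 + d_len, DT_NULL, 0)
    size = 176 + d_len + len(strtab)   # 176 = 64-byte header + 2 * 56-byte phdrs
    hdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                      3, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    hdr += struct.pack("<IIQQQQQQ", PT_LOAD, 4, 0, va, va, size, size, 4096)
    hdr += struct.pack("<IIQQQQQQ", PT_DYNAMIC, 4, 176, va + 176, 0, d_len, d_len, 8)
    return hdr + dyn + strtab
```

To inspect a file on disk, pass its bytes: `needed_libs(open(path, "rb").read())`. Only direct dependencies are listed; resolving them to paths and following transitive dependencies is the part ldd leaves to the dynamic loader.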
