mirror of https://github.com/mkerrisk/man-pages
ldd.1: Add more detail on ldd security implications, noting glibc 2.27 changes
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
36454047ec
commit
e5486b10fa
13
man1/ldd.1
13
man1/ldd.1
|
@ -75,14 +75,21 @@ Be aware that in some circumstances
|
|||
some versions of
|
||||
.BR ldd
|
||||
may attempt to obtain the dependency information
|
||||
by attempting to directly execute the program
|
||||
(which may lead to the execution of whatever code is defined
|
||||
by attempting to directly execute the program,
|
||||
which may lead to the execution of whatever code is defined
|
||||
in the program's ELF interpreter,
|
||||
and perhaps to execution of the program itself).
|
||||
and perhaps to execution of the program itself.
|
||||
.\" Mainline glibc's ldd allows this possibility (the line
|
||||
.\" try_trace "$file"
|
||||
.\" in glibc 2.15, for example), but many distro versions of
|
||||
.\" ldd seem to remove that code path from the script.
|
||||
(Until glibc version 2.27,
|
||||
.\" glibc commit eedca9772e99c72ab4c3c34e43cc764250aa3e3c
|
||||
the upstream
|
||||
.B ldd
|
||||
implementation did this for example,
|
||||
although most distributions provided a modified version that did not.)
|
||||
.PP
|
||||
Thus, you should
|
||||
.I never
|
||||
employ
|
||||
|
|
Loading…
Reference in New Issue