From e5486b10fa9abf51a2e952b1c15070588b6ef7c7 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Fri, 25 Aug 2017 00:36:27 +0200 Subject: [PATCH] ldd.1: Add more detail on ldd security implications, noting glibc 2.27 changes Signed-off-by: Michael Kerrisk --- man1/ldd.1 | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/man1/ldd.1 b/man1/ldd.1 index 6a57d3963..c066b64e0 100644 --- a/man1/ldd.1 +++ b/man1/ldd.1 @@ -75,14 +75,21 @@ Be aware that in some circumstances some versions of .BR ldd may attempt to obtain the dependency information -by attempting to directly execute the program -(which may lead to the execution of whatever code is defined +by attempting to directly execute the program, +which may lead to the execution of whatever code is defined in the program's ELF interpreter, -and perhaps to execution of the program itself). +and perhaps to execution of the program itself. .\" Mainline glibc's ldd allows this possibility (the line .\" try_trace "$file" .\" in glibc 2.15, for example), but many distro versions of .\" ldd seem to remove that code path from the script. +(Until glibc version 2.27, + .\" glibc commit eedca9772e99c72ab4c3c34e43cc764250aa3e3c +the upstream +.B ldd +implementation did this for example, +although most distributions provided a modified version that did not.) +.PP Thus, you should .I never employ
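Review bot: In the added parenthetical, "Until glibc version 2.27" leaves it unclear whether 2.27 itself still executes the program, and since the text goes on to tell readers never to run ldd on an untrusted executable, the boundary should be unambiguous. Wording such as "In glibc versions before 2.27" would make clear which side of the boundary 2.27 falls on. Two smaller points in the same added lines: the comment line carrying the glibc commit id appears here with a space before `.\"`; if that space is in the patch itself and not an artifact of how it is displayed, roff will treat the line as text and not as a comment, so the dot needs to be in column one. Also, "implementation did this for example," reads better with a comma before "for example".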