mirror of https://github.com/mkerrisk/man-pages
ldd.1: Add more detail on ldd security implications, noting glibc 2.27 changes
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
36454047ec
commit
e5486b10fa
13
man1/ldd.1
13
man1/ldd.1
|
@ -75,14 +75,21 @@ Be aware that in some circumstances
|
||||||
some versions of
|
some versions of
|
||||||
.BR ldd
|
.BR ldd
|
||||||
may attempt to obtain the dependency information
|
may attempt to obtain the dependency information
|
||||||
by attempting to directly execute the program
|
by attempting to directly execute the program,
|
||||||
(which may lead to the execution of whatever code is defined
|
which may lead to the execution of whatever code is defined
|
||||||
in the program's ELF interpreter,
|
in the program's ELF interpreter,
|
||||||
and perhaps to execution of the program itself).
|
and perhaps to execution of the program itself.
|
||||||
.\" Mainline glibc's ldd allows this possibility (the line
|
.\" Mainline glibc's ldd allows this possibility (the line
|
||||||
.\" try_trace "$file"
|
.\" try_trace "$file"
|
||||||
.\" in glibc 2.15, for example), but many distro versions of
|
.\" in glibc 2.15, for example), but many distro versions of
|
||||||
.\" ldd seem to remove that code path from the script.
|
.\" ldd seem to remove that code path from the script.
|
||||||
|
(Until glibc version 2.27,
|
||||||
|
.\" glibc commit eedca9772e99c72ab4c3c34e43cc764250aa3e3c
|
||||||
|
the upstream
|
||||||
|
.B ldd
|
||||||
|
implementation did this for example,
|
||||||
|
although most distributions provided a modified version that did not.)
|
||||||
|
.PP
|
||||||
Thus, you should
|
Thus, you should
|
||||||
.I never
|
.I never
|
||||||
employ
|
employ
|
||||||
|
|
Loading…
Reference in New Issue