Slashdot Mirror


Arbitrary Code Execution With "ldd"

pkrumins writes "The ldd utility is more vulnerable than you think. It's frequently used by programmers and system administrators to determine the dynamic library dependencies of executables. Sounds pretty innocent, right? Wrong! It turns out that running ldd on an executable can result in executing arbitrary code. This article details how such an executable can be constructed and comes up with a social engineering scenario that may lead to system compromise. I researched this subject thoroughly and found that it's almost completely undocumented."

12 of 184 comments

  1. ldd pwned by Anonymous Coward · · Score: 2, Funny

    Sounds like someone needs to make LDD not capable of executing arbitrary code then =] /captainobvious

    1. Re:ldd pwned by postbigbang · · Score: 5, Funny

      Uh, hello? Tech support?

      You want me to do what with ldd?

      Are you the same guy that told me to rm *? That wasn't funny....

      --
      ---- Teach Peace. It's Cheaper Than War.
  2. Quickly! by Drunken+Buddhist · · Score: 2, Funny

    Fetch me my tinfoil hat!

    --
    -1, Disagree is not a valid option. Troll, Flamebait and Offtopic are not a substitute.
  3. Another WIN in WINdows by MyLongNickName · · Score: 5, Funny

    In Windows, we avoid this vulnerability by giving you absolutely no fricking clue what dependencies exist for any given DLL. Suck that Unix fanboys!

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  4. Re:the bug is not in ldd by Anonymous Coward · · Score: 3, Funny

    So our lesson here is... don't run any scripts we don't fully understand as root. Thanks Slashdot - I feel so informed today!

  5. Don't worry... by wandazulu · · Score: 2, Funny

    ...I'm sure someone will find some other vulnerability.

  6. Remember to Exit Stage Left by HaloZero · · Score: 5, Funny

    I researched this subject thoroughly and found that it's almost completely undocumented.

    Completely undocumented... <CARUSO NAME="david" STYLE="csi/miami" SHADES="true"> ...until now. </CARUSO>

    YEAAAAAAAAAH!

    --
    Informatus Technologicus
  7. Re:Cool and so what by the+99th+penguin · · Score: 4, Funny

    times like this, I just want to be able to say:
    sandbox $whatever_command
    and have it run in a completely safe environment.
    [...] Or does such a thing exist?

    A virtual machine you mean?

  8. Re:the bug is not in ldd by Anonymous Coward · · Score: 1, Funny

    How do I turn my PC into that drop box you're talking about? I have no interest in child porn, though... no none at all... yes, uh, uhm... it's for uhh... academic, yes academic purposes.... yeah

  9. Rename it! by mweather · · Score: 3, Funny

    They should rename it iddqd in honour of this new feature.

  10. Re:the bug is not in ldd by camperdave · · Score: 2, Funny

    That's why I cross-compile my Gentoo on my Atari 600XL. It may take a few months longer, but it's worth it.

    --
    When our name is on the back of your car, we're behind you all the way!
  11. Re:the bug is not in ldd by bsDaemon · · Score: 5, Funny

    I pretty much only code in Perl these days, so... not even the ones I've written myself, I guess.