Slashdot Mirror


Arbitrary Code Execution With "ldd"

pkrumins writes "The ldd utility is more vulnerable than you think. It's frequently used by programmers and system administrators to determine the dynamic library dependencies of executables. Sounds pretty innocent, right? Wrong! It turns out that running ldd on an executable can result in executing arbitrary code. This article details how such executable can be constructed and comes up with a social engineering scenario that may lead to system compromise. I researched this subject thoroughly and found that it's almost completely undocumented."

5 of 184 comments (clear)

  1. Re:ldd pwned by postbigbang · · Score: 5, Funny

    Uh, hello? Tech support?

    You want me to do what with ldd?

    Are you the same guy that told me to rm *? That wasn't funny....

    --
    ---- Teach Peace. It's Cheaper Than War.
  2. Another WIN in WINdows by MyLongNickName · · Score: 5, Funny

    In Windows, we avoid this vulnerability by giving you absolutely no fricking clue what dependencies exist for any given DLL. Suck that Unix fanboys!

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  3. Remember to Exit Stage Left by HaloZero · · Score: 5, Funny

    I researched this subject thoroughly and found that it's almost completely undocumented.

    Completely undocumented... <CARUSO NAME="david" STYLE="csi/miami" SHADES="true"> ...until now. </CARUSO>

    YEAAAAAAAAAH!

    --
    Informatus Technologicus
  4. Re:Cool and so what by the+99th+penguin · · Score: 4, Funny

    times like this, I just want to be able to say:
    sandbox $whatever_command
    and have it run in a completely safe environment.
    [...] Or does such a thing exist?

    A virtual machine you mean?

  5. Re:the bug is not in ldd by bsDaemon · · Score: 5, Funny

    I pretty much only code in Perl these days, so... not even the ones I've written myself, I guess.