Hacker News new | past | comments | ask | show | jobs | submit login
Ldd Arbitrary Code Execution (catonmat.net)
6 points by zdw on Jan 22, 2022 | hide | past | favorite | 3 comments



Article is dated 2009.

Previous discussions:

- [2009] https://news.ycombinator.com/item?id=902958

- [2015] https://news.ycombinator.com/item?id=9629667


> Lesson to be learned: Never run ldd on unknown executables!

The lesson learned is legit, but I feel like this attack model is relatively weak. I think it will get more attention if it's `file` command rather than `ldd`. (btw all syntax highlighting in the article is broken)


It's not so long ago that `file` did have security issues (well libmagic):

https://ubuntu.com/security/notices/USN-4172-1

or:

https://packetstormsecurity.com/files/127226/FreeBSD-Securit...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: