Hacker News new | past | comments | ask | show | jobs | submit login

> Lesson to be learned: Never run ldd on unknown executables!

The lesson learned is legit, but I feel like this attack model is relatively weak. I think it will get more attention if it's `file` command rather than `ldd`. (btw all syntax highlighting in the article is broken)




It's not so long ago that `file` did have security issues (well libmagic):

https://ubuntu.com/security/notices/USN-4172-1

or:

https://packetstormsecurity.com/files/127226/FreeBSD-Securit...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: