Language Selection

English French German Italian Portuguese Spanish

New tiny project: lddsafe

Filed under
Software

Some days ago we could all read that “ldd”, a tool which prints shared library dependencies, should not be run on untrusted binaries. I read it first on Hacker News and later it hit Slashdot’s frontpage. In some operating systems, this is stated clearly in the man page for the program, while in others it’s not mentioned at all. I belonged to the camp that didn’t know about it and I was a bit surprised. I supposed ldd was doing its job by examining the binary file and not by running it setting some special environment variables.

A Hacker News user, anyway, pointed out something interesting. You can easily get information about the needed shared library dependencies for a program or library using “objdump”, so I spent a few hours writing and tweaking a small script called lddsafe that prints almost the same information as “ldd” using “objdump” and avoiding the security problems, as it doesn’t have to run the program.

Rest Here




More in Tux Machines

Development News

OSS Leftovers

  • The most in demand skills you need for an open source job
    With coding and software development in serious need of talent, it’s essentially a graduate’s market, but you still need the right combination of skills and attributes to beat the competition. When it comes to open source and DevOps, a deeper understanding is essential.
  • Why the Open Source Cloud Is Important
    To this end, foundations such as the Cloud Foundry Foundation, Cloud Native Computing Foundation (CNCF) and Open Container Initiative (OCI) at The Linux Foundation are actively bringing in new open source projects and engaging member companies to create industry standards for new cloud-native technologies. The goal is to help improve interoperability and create a stable base for container operations on which companies can safely build commercial dependencies.
  • AI Platforms Welcome Devs With Open Arms
    Two leaders in the field of artificial intelligence have announced that they're open-sourcing their AI platforms. After investing in building rich simulated environments to serve as laboratories for AI research, Google's DeepMind Lab on Saturday said it would open the platform for the broader research community's use. DeepMind has been using its AI lab for some time, and it has "only barely scratched the surface of what is possible" in it, noted team members Charlie Beattie, Joel Leibo, Stig Petersen and Shane Legg in an online post.
  • The Linux Foundation Seeks Technical and Business Speakers for Open Networking Summit 2017
  • Pencils down: Why open source is the future of standardized testing
    Administering standardized tests online is trickier than it sounds. Underneath the facade of simple multiple choice forms, any workable platform needs a complex web of features to ensure that databases don’t buckle under the pressure of tens of thousands of test takers at once. On top of that, it also needs to ensure that responses are scored correctly and that it’s impossible for students to cheat.
  • LLVM 4.0 Planned For Release At End Of February, Will Move To New Versioning Scheme
    Hans Wennborg has laid out plans to release the LLVM 4.0 (and Clang 4.0, along with other LLVM sub-projects) toward the end of February. The proposal by continuing LLVM release manager Hans Wennborg puts the 4.0 branching followed by RC1 at 12 January, RC2 at 1 February, and the official release around 21 February.

Red Hat and Fedora

Games for GNU/Linux