New tiny project: lddsafe

Some days ago we could all read that “ldd”, a tool which prints shared library dependencies, should not be run on untrusted binaries. I read it first on Hacker News and later it hit Slashdot’s frontpage. In some operating systems, this is stated clearly in the man page for the program, while in others it’s not mentioned at all. I belonged to the camp that didn’t know about it and I was a bit surprised. I supposed ldd was doing its job by examining the binary file and not by running it setting some special environment variables.

A Hacker News user, anyway, pointed out something interesting. You can easily get information about the needed shared library dependencies for a program or library using “objdump”, so I spent a few hours writing and tweaking a small script called lddsafe that prints almost the same information as “ldd” using “objdump” and avoiding the security problems, as it doesn’t have to run the program.
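The objdump approach described above, sketched as an added example; it is not the lddsafe script and not code from the original post. It lists direct dependencies only, and the `SEARCH_DIRS` default, the function names and the sample dump are assumptions made for illustration (no RPATH, `ld.so.conf` or cache lookup).

```shell
#!/bin/sh
# Added example: list shared-library dependencies without executing the target.

# Read `objdump -p` output on stdin and print each NEEDED library name.
needed_from_dump() {
    awk '$1 == "NEEDED" { print $2 }'
}

# Print the first existing path for library $1 among the directories given
# as the remaining arguments; return 1 if none of them contains it.
resolve_lib() {
    lib=$1; shift
    for dir in "$@"; do
        if [ -f "$dir/$lib" ]; then
            printf '%s\n' "$dir/$lib"
            return 0
        fi
    done
    return 1
}

# Assumed, simplified search path (hypothetical default, override via env).
SEARCH_DIRS=${SEARCH_DIRS:-"/lib /usr/lib /lib64 /usr/lib64"}

# Static stand-in for `ldd FILE`: objdump only parses the file's headers,
# so nothing from the untrusted binary is ever run.
list_needed() {
    objdump -p -- "$1" | needed_from_dump | while read -r lib; do
        # Word splitting of SEARCH_DIRS is intentional here.
        if path=$(resolve_lib "$lib" $SEARCH_DIRS); then
            printf '\t%s => %s\n' "$lib" "$path"
        else
            printf '\t%s => not found\n' "$lib"
        fi
    done
}

# Constructed sample of the "Dynamic Section" part of `objdump -p` output.
SAMPLE_DUMP='Dynamic Section:
  NEEDED               libselinux.so.1
  NEEDED               libc.so.6
  INIT                 0x0000000000004000
  RUNPATH              /opt/app/lib'

# When called with a file argument, print its direct dependencies.
if [ "$#" -gt 0 ]; then list_needed "$1"; fi
```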
