Language Selection

English French German Italian Portuguese Spanish

New tiny project: lddsafe

Filed under
Software

Some days ago we could all read that “ldd”, a tool which prints shared library dependencies, should not be run on untrusted binaries. I read it first on Hacker News and later it hit Slashdot’s frontpage. In some operating systems, this is stated clearly in the man page for the program, while in others it’s not mentioned at all. I belonged to the camp that didn’t know about it and I was a bit surprised. I supposed ldd was doing its job by examining the binary file and not by running it setting some special environment variables.

A Hacker News user, anyway, pointed out something interesting. You can easily get information about the needed shared library dependencies for a program or library using “objdump”, so I spent a few hours writing and tweaking a small script called lddsafe that prints almost the same information as “ldd” using “objdump” and avoiding the security problems, as it doesn’t have to run the program.

Rest Here




More in Tux Machines

Linux and Graphics

Security Leftovers

  • Cockpit 0.104
    Cockpit is the modern Linux admin interface. There’s a new release every week. Here are the highlights from this weeks 0.104 release.
  • FFmpeg 3.0.2 "Einstein" Multimedia Framework Released with Updated Components
    Today, April 28, 2016, the development team behind the popular FFmpeg open-source and cross-platform multimedia framework has released the second maintenance release in the stable FFmpeg 3.0 "Einstein" series. FFmpeg 3.0 was a massive release announced in mid-February, which brought in numerous existing changes, including support for decoding and encoding Common Encryption (CENC) MP4 files, support for decoding DXV streams, as well as support for decoding Screenpresso SPV1 streams.
  • Using bubblewrap in xdg-app
    At the core of xdg-app is a small helper binary that uses Linux features like namespaces to set up sandbox for the application. The main difference between this helper and a full-blown container system is that it runs entirely as the user. It does not require root privileges, and can never allow you to get access to things you would not otherwise have.
  • Build System Fallbacks
    If you are using Builder from git (such as via jhbuild) or from the gnome-builder-3-20 branch (what will become 3.20.4) you can use Builder with the fallback build system. This is essentially our “NULL” build system and has been around forever. But today, these branches learned something so stupidly obvious I’m ashamed I didn’t do it 6 months ago when implementing Build Configurations.
  • Node.js version 6 is now available

today's howtos

Leftovers: Gaming