Also if you are now shying away from running ldd, just make sure the binary is of type ELF and you are safe, the examination not the execution will take place. To make sure something you are about to ldd is ELF, just do this sort of thing:
$ od -c /usr/bin/grep | head -1
0000000 177 E L F 001 001 001 \0 \0 \0 \0 \0 \0 \0 \0 \0
Because ELF binaries ident themselves
$ man elf
ELF(5) OpenBSD Programmer's Manual ELF(5)
NAME
elf - format of ELF executable binary files
SYNOPSIS
#include <elf_abi.h>
DESCRIPTION
The header file <elf_abi.h> defines the format of ELF executable binary files. Amongst these files are normal executable files, relocatable object files, core files and shared libraries.
etc.
Jack Woehr wrote:
McKown, John wrote:
This is a scary article. I don't have a Linux on z system to test it out on.
http://www.catonmat.net/blog/ldd-arbitrary-code-execution/
Oh, jeez, guys.
This is a kid's trick. The victim has to be stupid enough to execute ldd against a binary in the scamming user's write permission domain. And it doesn't run as root when it runs, just as the moron who executed this idiotic command,
ldd ~jwoehr/hacks/bogus_binary
? Keep users who would do such things out of shell access. Let 'em use the web interface you provide them instead, it's safer that way.
--
Jack J. Woehr # «'I know what "it" means well enough, when I find
http://www.well.com/~jax # a thing,' said the Duck: 'it's generally a frog or
http://www.softwoehr.com # a worm.'» - Lewis Carroll, _Alice in Wonderland_
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
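
An added example, not part of the thread: a static check in Python that reads the same identification bytes the od command above prints, plus the program interpreter path the file requests (its PT_INTERP entry), by parsing bytes only and executing nothing. The function names, the sample ELF32 image and the interpreter path in it are constructed for illustration.

```python
import struct

PT_INTERP = 3  # program header type that names the requested program interpreter

def inspect_elf(data: bytes) -> dict:
    """Identify an ELF image and read its PT_INTERP path from raw bytes only."""
    # e_ident: 0x7f 'E' 'L' 'F', then EI_CLASS (1=32-bit, 2=64-bit), EI_DATA (1=LSB, 2=MSB)
    if len(data) < 16 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return {"elf": False}
    is32 = data[4] == 1
    end = "<" if data[5] == 1 else ">"
    word = "I" if is32 else "Q"
    info = {"elf": True, "bits": 32 if is32 else 64,
            "endian": "little" if end == "<" else "big", "interp": None}
    try:
        # e_phoff is at offset 28 (ELF32) or 32 (ELF64); e_phentsize, e_phnum at 42 or 54
        phoff, = struct.unpack_from(end + word, data, 28 if is32 else 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42 if is32 else 54)
        for i in range(phnum):
            base = phoff + i * phentsize
            p_type, = struct.unpack_from(end + "I", data, base)
            if p_type != PT_INTERP:
                continue
            # p_offset / p_filesz: offsets 4 / 16 in Elf32_Phdr, 8 / 32 in Elf64_Phdr
            off, = struct.unpack_from(end + word, data, base + (4 if is32 else 8))
            size, = struct.unpack_from(end + word, data, base + (16 if is32 else 32))
            info["interp"] = data[off:off + size].split(b"\0")[0].decode("ascii", "replace")
            break
    except struct.error:  # header or program header table cut short
        info["truncated"] = True
    return info

def sample_elf32(interp: bytes) -> bytes:
    """Constructed sample: ELF32 little-endian header plus a single PT_INTERP entry."""
    ident = b"\x7fELF\x01\x01\x01" + b"\0" * 9
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    size = len(interp) + 1
    phdr = struct.pack("<IIIIIIII", PT_INTERP, 84, 0, 0, size, size, 4, 1)
    return ehdr + phdr + interp + b"\0"

if __name__ == "__main__":
    print(inspect_elf(sample_elf32(b"/constructed/example/ld.so")))
    print(inspect_elf(b"#!/bin/sh\necho not an ELF file\n"))
```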