This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Never try to execute the file in ldd
- From: Rich Felker <dalias at aerifal dot cx>
- To: Roland McGrath <roland at hack dot frob dot com>
- Cc: Andreas Schwab <schwab at suse dot de>, libc-alpha at sourceware dot org
- Date: Mon, 24 Mar 2014 23:11:04 -0400
- Subject: Re: [PATCH] Never try to execute the file in ldd
- References: <mvma9cfobqi dot fsf at hawking dot suse dot de> <20140324221023 dot 5F40374484 at topped-with-meat dot com>

On Mon, Mar 24, 2014 at 03:10:23PM -0700, Roland McGrath wrote:
> I always thought it wrong that it did that too. But I vaguely recall being
> told there was some reason for it. (Maybe even I thought myself there was
> an adequate reason. I can't recall any details now.) So we should
> understand what the past reasoning was and be sure it no longer applies
> today before we make such a change.
>
> The only thing that comes to mind is cases where PT_INTERP points to a
> different dynamic linker, such as from a build with a special --prefix=
> setup or something stranger. In those cases, what the vanilla rtld will
> think about search paths and so forth won't match what the actual PT_INTERP
> dynamic linker will do.
>
> But I'm not at all sure that was the case (or was the only case) that
> motivated the current behavior.

If there's really a need to support this kind of usage, I think by
default ldd should refuse to run when PT_INTERP doesn't match its own
idea of the dynamic linker, and should require a --force-run option or
something. In the default setup, it's completely non-obvious to most
admins that ldd _runs_ the program, and the "hey, root! this program
is spewing missing symbol errors!" social-engineering exploit is a
real risk.

Rich
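
The default proposed in the reply above, sketched as an added example (not part of the original message and not glibc's ldd code): read PT_INTERP from the ELF program headers without executing anything, and refuse when it differs from the loader ldd itself would use. The function names, the decision strings, the `force_run` parameter standing in for the suggested `--force-run` option, and the sample paths are assumptions made for illustration.

```python
import struct

PT_INTERP = 3  # program header type that names the requested dynamic linker

def elf_interp(data):
    """Return the PT_INTERP path of an ELF image (bytes), or None if absent."""
    try:
        if data[:4] != b"\x7fELF":
            raise ValueError("not an ELF file")
        is64 = {1: False, 2: True}[data[4]]   # EI_CLASS
        end = {1: "<", 2: ">"}[data[5]]       # EI_DATA
        # e_phoff, then e_phentsize/e_phnum, sit at class-dependent offsets
        phoff, = struct.unpack_from(end + ("Q" if is64 else "I"), data,
                                    0x20 if is64 else 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data,
                                              0x36 if is64 else 0x2A)
        for i in range(phnum):
            base = phoff + i * phentsize
            if is64:  # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz
                p_type, _, off, _, _, size = struct.unpack_from(end + "IIQQQQ", data, base)
            else:     # p_type, p_offset, p_vaddr, p_paddr, p_filesz
                p_type, off, _, _, size = struct.unpack_from(end + "IIIII", data, base)
            if p_type == PT_INTERP:
                seg = data[off:off + size]
                if len(seg) != size or not seg.endswith(b"\0"):
                    raise ValueError("truncated or unterminated PT_INTERP")
                return seg.split(b"\0", 1)[0].decode("utf-8", "surrogateescape")
        return None
    except (struct.error, KeyError, IndexError) as exc:
        raise ValueError("malformed ELF header") from exc

def ldd_decision(data, own_rtld, force_run=False):
    """Hypothetical policy: 'trace', 'refuse', 'forced-run' or 'no-interp'."""
    interp = elf_interp(data)
    if interp is None:
        return "no-interp"   # nothing to compare; outside the proposal
    if interp == own_rtld:
        return "trace"       # matches ldd's own idea of the dynamic linker
    return "forced-run" if force_run else "refuse"

def sample_elf(interp):
    """Constructed minimal ELF64 little-endian image with one PT_INTERP header."""
    path = interp.encode() + b"\0"
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0, len(path), len(path), 1)
    return ehdr + phdr + path
```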