You're viewing a comment by Thomas and its responses.
|
We all agree on the necessity of compromise. We just can't agree on when it's necessary to compromise. |
About the site:
Twitter
Facebook
Plurk
more
GitHub
LinkedIn
FriendFeed
Google PlusSubscribe to my posts:
Server Sponsors
I am being sponsored by Syntress! They bought me an amazing dedicated server to run catonmat on. If you're looking web services, I highly recommend the Syntress guys!
My Amazon Wish List
I love to read science books. They make my day and I get ideas for awesome blog posts, such as Busy Beaver, On Functors, Recursive Regular Expressions and many others.
Take a look at my 
Amazon wish list, if you're curious about what I have planned reading next, and want to surprise me. :)
My Other Websites
Top Ten Articles:
- Top Ten One-Liners from CommandLineFu Explained
- My Job Interview at Google
- MIT's Introduction to Algorithms, Lectures 1 and 2: Analysis of Algorithms
- Famous Awk One-Liners Explained, Part I: File Spacing, Numbering and Calculations
- The Definitive Guide to Bash Command Line History
- Working Productively in Bash's Vi Command Line Editing Mode (with Cheat Sheet)
- Vim Plugins You Should Know About, Part VI: nerd_tree.vim
- Vim Plugins You Should Know About, Part I: surround.vim
- Famous Sed One-Liners Explained, Part I: File Spacing, Numbering and Text Conversion and Substitution
- Learning JavaScript Programming Language through Video Lectures
Top Ten Downloads:
- awk cheat sheet (.pdf) (99,065)
- perl's pack/unpack and printf cheat sheet (.pdf) (78,030)
- bash history cheat sheet (.pdf) (71,525)
- sed stream editor cheat sheet (.pdf) (67,299)
- screen cheat sheet (.pdf) (54,821)
- perl's special variable cheat sheet (.pdf) (50,295)
- bash vi editing mode cheat sheet (.pdf) (45,936)
- perl1line.txt (43,157)
- crypt-o.mp3 (musical geek friday #1) (42,077)
- the bill gates song.mp3 (musical geek friday #8) (40,296)
Recent Articles:
- Announcing my third e-book "Perl One-Liners Explained"
- How Browserling Works [art]
- Node.js modules you should know about: procstreams
- Browserling has a new design!
- Node.js modules you should know about: everyauth
- How to setup Stripe payments with node.js
- A Perl Regular Expression That Matches Prime Numbers
- Node.js modules you should know about: jsonstream
- Node.js modules you should know about: cradle
- Node.js modules you should know about: semver
Article Categories:
- Awk Programming (8)
- Cheat Sheets (9)
- Computer Science (8)
- Hacker's Approach (5)
- Howto (10)
- Introduction to Algorithms (15)
- Linear Algebra (6)
- Mathematics (1)
- Misc (8)
- Musical Geek Friday (17)
- Node.js Modules (15)
- Perl Programming (13)
- Programming (29)
- Projects (13)
- Security (1)
- StackVM Startup (10)
- The New Catonmat (1)
- Tools (1)
- Unix Shell (17)
- Video Lectures (17)
- Visual Math Friday (1)
Article Archive:
- February, 2012 (1)
- January, 2012 (4)
- December, 2011 (15)
- November, 2011 (3)
- October, 2011 (2)
- September, 2011 (2)
- August, 2011 (3)
- July, 2011 (1)
- June, 2011 (2)
- May, 2011 (1)
- April, 2011 (1)
- March, 2011 (1)
- February, 2011 (1)
- January, 2011 (1)
- December, 2010 (2)
- November, 2010 (1)
- October, 2010 (1)
- September, 2010 (1)
- August, 2010 (2)
- July, 2010 (2)
- June, 2010 (2)
- May, 2010 (2)
- April, 2010 (2)
- March, 2010 (5)
- February, 2010 (5)
- January, 2010 (7)
- December, 2009 (6)
- November, 2009 (6)
- October, 2009 (2)
- September, 2009 (3)
- August, 2009 (2)
- July, 2009 (4)
- June, 2009 (1)
- April, 2009 (1)
- March, 2009 (2)
- February, 2009 (7)
- January, 2009 (4)
- December, 2008 (8)
- November, 2008 (7)
- October, 2008 (4)
- September, 2008 (5)
- August, 2008 (9)
- July, 2008 (14)
- June, 2008 (4)
- May, 2008 (5)
- April, 2008 (8)
- March, 2008 (3)
- February, 2008 (1)
- January, 2008 (1)
- November, 2007 (1)
- October, 2007 (3)
- September, 2007 (5)
- August, 2007 (10)
- July, 2007 (9)
Technology Solutions
Advertisements
Video Chat
Advertisements
Advertisements
So since this has clearly been a known concern with ldd for ages, it's intriguing to me that a) I've never even heard of it and b) it looks simple to patch ldd to avoid this vector.
True, it's not a security exploit. It is, however, unexpected behaviour, at least to some of us, and as Peteris points out can be a useful rung on a privilege-escalation ladder.
Anyone feel like submitting a patch upstream?
-- Thomas
Reply To This Comment