You're viewing a comment by Justin and its responses.
|
The open secrets of good design practice include the importance of knowing what to keep whole, what to combine, what to separate, and what to throw away. |
About the site:
Twitter
Facebook
Plurk
more
GitHub
LinkedIn
FriendFeed
Google PlusSubscribe to my posts:
Server Sponsors
I am being sponsored by Syntress! They bought me an amazing dedicated server to run catonmat on. If you're looking web services, I highly recommend the Syntress guys!
My Amazon Wish List
I love to read science books. They make my day and I get ideas for awesome blog posts, such as Busy Beaver, On Functors, Recursive Regular Expressions and many others.
Take a look at my 
Amazon wish list, if you're curious about what I have planned reading next, and want to surprise me. :)
My Other Websites
Top Ten Articles:
- Top Ten One-Liners from CommandLineFu Explained
- My Job Interview at Google
- MIT's Introduction to Algorithms, Lectures 1 and 2: Analysis of Algorithms
- Famous Awk One-Liners Explained, Part I: File Spacing, Numbering and Calculations
- The Definitive Guide to Bash Command Line History
- Working Productively in Bash's Vi Command Line Editing Mode (with Cheat Sheet)
- Vim Plugins You Should Know About, Part VI: nerd_tree.vim
- Vim Plugins You Should Know About, Part I: surround.vim
- Famous Sed One-Liners Explained, Part I: File Spacing, Numbering and Text Conversion and Substitution
- Learning JavaScript Programming Language through Video Lectures
Top Ten Downloads:
- awk cheat sheet (.pdf) (99,065)
- perl's pack/unpack and printf cheat sheet (.pdf) (78,031)
- bash history cheat sheet (.pdf) (71,526)
- sed stream editor cheat sheet (.pdf) (67,299)
- screen cheat sheet (.pdf) (54,821)
- perl's special variable cheat sheet (.pdf) (50,295)
- bash vi editing mode cheat sheet (.pdf) (45,936)
- perl1line.txt (43,157)
- crypt-o.mp3 (musical geek friday #1) (42,079)
- the bill gates song.mp3 (musical geek friday #8) (40,296)
Recent Articles:
- Announcing my third e-book "Perl One-Liners Explained"
- How Browserling Works [art]
- Node.js modules you should know about: procstreams
- Browserling has a new design!
- Node.js modules you should know about: everyauth
- How to setup Stripe payments with node.js
- A Perl Regular Expression That Matches Prime Numbers
- Node.js modules you should know about: jsonstream
- Node.js modules you should know about: cradle
- Node.js modules you should know about: semver
Article Categories:
- Awk Programming (8)
- Cheat Sheets (9)
- Computer Science (8)
- Hacker's Approach (5)
- Howto (10)
- Introduction to Algorithms (15)
- Linear Algebra (6)
- Mathematics (1)
- Misc (8)
- Musical Geek Friday (17)
- Node.js Modules (15)
- Perl Programming (13)
- Programming (29)
- Projects (13)
- Security (1)
- StackVM Startup (10)
- The New Catonmat (1)
- Tools (1)
- Unix Shell (17)
- Video Lectures (17)
- Visual Math Friday (1)
Article Archive:
- February, 2012 (1)
- January, 2012 (4)
- December, 2011 (15)
- November, 2011 (3)
- October, 2011 (2)
- September, 2011 (2)
- August, 2011 (3)
- July, 2011 (1)
- June, 2011 (2)
- May, 2011 (1)
- April, 2011 (1)
- March, 2011 (1)
- February, 2011 (1)
- January, 2011 (1)
- December, 2010 (2)
- November, 2010 (1)
- October, 2010 (1)
- September, 2010 (1)
- August, 2010 (2)
- July, 2010 (2)
- June, 2010 (2)
- May, 2010 (2)
- April, 2010 (2)
- March, 2010 (5)
- February, 2010 (5)
- January, 2010 (7)
- December, 2009 (6)
- November, 2009 (6)
- October, 2009 (2)
- September, 2009 (3)
- August, 2009 (2)
- July, 2009 (4)
- June, 2009 (1)
- April, 2009 (1)
- March, 2009 (2)
- February, 2009 (7)
- January, 2009 (4)
- December, 2008 (8)
- November, 2008 (7)
- October, 2008 (4)
- September, 2008 (5)
- August, 2008 (9)
- July, 2008 (14)
- June, 2008 (4)
- May, 2008 (5)
- April, 2008 (8)
- March, 2008 (3)
- February, 2008 (1)
- January, 2008 (1)
- November, 2007 (1)
- October, 2007 (3)
- September, 2007 (5)
- August, 2007 (10)
- July, 2007 (9)
Technology Solutions
Advertisements
Video Chat
Advertisements
Advertisements
Hi. I know a lot of people are surprised by this little exploit but this is a well documented case in ldd. I remember this coming up as a bullet point at a local LUG meeting back in 1997 when we were installing Slackware on a box.
Needless to say, this really is an educate yourself deal as opposed to a "fix this, fix this!" exploit. You can head over to TLDP and see a clear warning about this.
I applaud the author for reminding everyone about this important issue, but (in my opinion) it really isn't a problem with ld-linux.so per se. When an executable says they are needing a different loader, the natural behavior should be to load the external loader. That alone should ring sysadmin bells, an external loader is being used...Do I trust it? All in all it comes down to a sysadmin watching their back and understanding how things work.
Reply To This Comment