You're replying to a comment by Justin.

Justin Permalink
October 26, 2009, 16:18

Hi. I know a lot of people are surprised by this little exploit but this is a well documented case in ldd. I remember this coming up as a bullet point at a local LUG meeting back in 1997 when we were installing Slackware on a box.

Needless to say, this really is an educate yourself deal as opposed to a "fix this, fix this!" exploit. You can head over to TLDP and see a clear warning about this.

I applaud the author for reminding everyone about this important issue, but (in my opinion) it really isn't a problem with per se. When an executable says they are needing a different loader, the natural behavior should be to load the external loader. That alone should ring sysadmin bells, an external loader is being used...Do I trust it? All in all it comes down to a sysadmin watching their back and understanding how things work.

Reply To This Comment

(why do I need your e-mail?)

(Your twitter name, if you have one. (I'm @pkrumins, btw.))

Type the word "rocket_156": (just to make sure you're a human)

Please preview the comment before submitting to make sure it's OK.