random...@fastmail.us wrote:
> Considering that he probably _actually_ executes the very same gimp-2.8
> binary all the time, your concern is misplaced. This attack is highly
> situational, requiring the attacker to cause someone to encounter a
> binary that they would not otherwise execute and to be curious about
> what libraries it uses.
>
> "Don't run ldd on an unknown binary you wouldn't execute" becomes "don't
> run ldd ever on anything" - the cargo cult at its finest. I propose not
> allowing untrusted binaries to be placed in /usr/bin in the first place.

You're perfectly right. I just wanted to share this link since it came to mind and I found it a surprising fact, what ldd really does, when I found out about it. I had no „don't use ldd“ intention. ;)

--Markus