Stuart Henderson <s...@spacehopper.org> wrote:

> On 2023/10/18 06:35, Theo de Raadt wrote:
> > ldd around suid programs has a fine history of security holes.
> > 
> > One idea is for you to just not do that.
> > 
> > You don't explain why you need to do this.  You just completely skipped 
> > that.
> > You don't justify why you need it to work.  Does that make me care?? No, it
> > really doesn't make me care.
> 
> The usual reason for this is to find libraries needed to copy into
> a chroot jail to make some binary work.
> 
> > > How can I solve this? Please let me know if you have any good
> > > alternatives.
> 
> There are two approaches.
> 
> - use another tool to read the ELF header and parse NEEDED entries
> from that. several are available (including at least one which will
> recurse to show inter-library dependencies too, though I forget
> what it's called)
> 
> - provide an alternative binary which _can_ be executed by ldd
> 

No Stuart, I don't care because he doesn't care to tell us why he needs
this.  It remains possible to simply not need to inspect those programs.

I doubt setuid programs are being copied into a chroot jail.

But, mostly I don't care because I'm sick and tired of 'bug reports'
that don't explain the usage case.

ldd's environment variable game has had holes, and all the valiant
attempts we make will create holes in the future, I'd bet money on it.
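Stuart's first alternative, reading the ELF image and listing its DT_NEEDED entries directly, avoids the environment-variable games entirely because the setuid binary is only ever opened and read, never executed. The following is an added example and not code from this thread or from OpenBSD; it walks the program headers to find PT_DYNAMIC, maps the DT_STRTAB virtual address back to a file offset through the PT_LOAD segments, and goes slightly beyond the message by handling both ELF classes and both byte orders. The `build_sample_elf64` helper and the library names it embeds are constructed test data so the example runs offline; the constants used are the standard ELF values.

```python
import struct
import sys
from typing import List, Optional, Tuple

PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_NEEDED, DT_STRTAB, DT_STRSZ = 0, 1, 5, 10


def _vaddr_to_offset(loads: List[Tuple[int, int, int]], va: int) -> int:
    """Translate a virtual address to a file offset via the PT_LOAD segments."""
    for p_vaddr, p_offset, p_filesz in loads:
        if p_vaddr <= va < p_vaddr + p_filesz:
            return p_offset + (va - p_vaddr)
    raise ValueError("address 0x%x is not backed by the file" % va)


def elf_needed(data: bytes) -> List[str]:
    """Return the DT_NEEDED names of an ELF image. Pure parsing: nothing is executed."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELFCLASS32, 2 = ELFCLASS64
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little endian, 2 = big endian
    # Header field offsets differ per class; struct.error on a truncated file is acceptable.
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        ph_fmt = end + "IIQQQQQQ"  # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, ...
        dyn_fmt = end + "qQ"       # d_tag, d_val
    else:
        (phoff,) = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        ph_fmt = end + "IIIIIIII"  # p_type, p_offset, p_vaddr, p_paddr, p_filesz, ...
        dyn_fmt = end + "iI"
    loads: List[Tuple[int, int, int]] = []
    dynamic: Optional[Tuple[int, int]] = None
    for i in range(phnum):
        f = struct.unpack_from(ph_fmt, data, phoff + i * phentsize)
        p_type, p_offset, p_vaddr, p_filesz = (f[0], f[2], f[3], f[5]) if is64 else (f[0], f[1], f[2], f[4])
        if p_type == PT_LOAD:
            loads.append((p_vaddr, p_offset, p_filesz))
        elif p_type == PT_DYNAMIC:
            dynamic = (p_offset, p_filesz)
    if dynamic is None:
        return []                            # statically linked: nothing to copy into a jail
    dyn_off, dyn_size = dynamic
    entsize = struct.calcsize(dyn_fmt)
    needed, strtab_va, strsz = [], None, None
    for pos in range(dyn_off, dyn_off + dyn_size, entsize):
        tag, val = struct.unpack_from(dyn_fmt, data, pos)
        if tag == DT_NULL:
            break
        if tag == DT_NEEDED:
            needed.append(val)
        elif tag == DT_STRTAB:
            strtab_va = val
        elif tag == DT_STRSZ:
            strsz = val
    if strtab_va is None or strsz is None:
        raise ValueError("dynamic section lacks DT_STRTAB/DT_STRSZ")
    strtab_off = _vaddr_to_offset(loads, strtab_va)
    strtab = data[strtab_off:strtab_off + strsz]  # bounded by DT_STRSZ, never past the table
    names = []
    for idx in needed:
        nul = strtab.find(b"\0", idx)
        names.append(strtab[idx:nul if nul >= 0 else len(strtab)].decode("ascii", "replace"))
    return names


def build_sample_elf64(libs: List[str], big_endian: bool = False) -> bytes:
    """Constructed test data: a minimal ELF64 with one PT_LOAD, one PT_DYNAMIC and the given DT_NEEDED names."""
    end = ">" if big_endian else "<"
    base = 0x400000
    strtab, idxs = b"\0", []
    for name in libs:
        idxs.append(len(strtab))
        strtab += name.encode() + b"\0"
    strtab_off = 64 + 2 * 56                 # ELF header + two program headers
    dyn_off = (strtab_off + len(strtab) + 7) & ~7
    dyn = b"".join(struct.pack(end + "qQ", DT_NEEDED, i) for i in idxs)
    dyn += struct.pack(end + "qQ", DT_STRTAB, base + strtab_off)
    dyn += struct.pack(end + "qQ", DT_STRSZ, len(strtab))
    dyn += struct.pack(end + "qQ", DT_NULL, 0)
    total = dyn_off + len(dyn)
    ident = b"\x7fELF" + bytes([2, 2 if big_endian else 1, 1, 0]) + b"\0" * 8
    ehdr = struct.pack(end + "16sHHIQQQIHHHHHH", ident, 2, 62, 1, base, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    ph_load = struct.pack(end + "IIQQQQQQ", PT_LOAD, 5, 0, base, base, total, total, 0x1000)
    ph_dyn = struct.pack(end + "IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, base + dyn_off, base + dyn_off, len(dyn), len(dyn), 8)
    pad = b"\0" * (dyn_off - strtab_off - len(strtab))
    return ehdr + ph_load + ph_dyn + strtab + pad + dyn


if __name__ == "__main__":
    # Usage: python3 elf_needed.py /path/to/binary ...   (reads the file; does not run it)
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, " ".join(elf_needed(fh.read())))
```

The names this prints are what the dynamic linker will look for, so they are exactly what needs to be copied into the chroot; the parser only touches the dynamic segment, so it never follows a library's own dependencies. Recursing is a matter of resolving each name against the library search path and calling `elf_needed` on the result.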
