Source URL: https://jmmv.dev/2023/07/ldd-untrusted-binaries.html
Source: Hacker News
Title: Ldd(1) and Untrusted Binaries (2023)
Summary: This text highlights a significant security concern about the `ldd` command, which can run untrusted binaries and introduce vulnerabilities. The discussion emphasizes the importance of understanding tool behaviors in security contexts, particularly for professionals dealing with binary exploitation and system security.
Detailed Description:
The provided text presents a detailed narrative regarding the behavior of the `ldd` command on Linux, which has implications for information security. It uncovers the risk of running `ldd` on untrusted executables: because `ldd` executes the binary to gather dependency information, the binary's own code runs on the inspecting system.
Key points include:
– **Dynamic Library Inspection**: The author discusses analyzing dynamic libraries of binaries using the `ldd` command during troubleshooting, emphasizing that while it is a useful tool, it harbors risks when handling untrusted binaries.
– **Security Vulnerability**: A historical overview mentions CVE-2009-5064, where it was noted that executing `ldd` on unverified binaries could lead to system compromise. Although it was determined not to be a vulnerability because of `ldd`'s documented usage guidelines, the underlying risk remains.
– **Principle of Least Astonishment**: The author articulates disappointment in the expectation mismatch. Users may assume that tools like `ldd` only read files, when in fact `ldd` may execute them, which can lead to confusion and potential exploitation.
– **Patching of Security Flaw**: Various Linux distributions opted to patch the tool, despite original disputes over the security implications. A significant commit in 2017 was noted, which possibly addressed a security concern without explicit acknowledgement.
– **Alternatives Recommended**: If dealing with untrusted binaries, the author suggests safer options:
  – `libtree` for visualizing library dependencies without execution.
  – `objdump` and `readelf`, which read ELF headers and dependencies without executing the binary.
– **Questioning `ldd` Behavior**: The text ends with the author questioning why `ldd` relies on executing binaries instead of simply parsing file headers to gather required information, suggesting a fundamental design issue.
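As an added example (not code from the article), the approach the author asks for: the `DT_NEEDED` entries are read straight from the ELF bytes, which is the same information `readelf -d` prints, and no code from the inspected binary ever runs. It handles little-endian ELF64 only and bounds-checks the string offsets, since they come from the untrusted file; `build_sample_elf` constructs a minimal header-only ELF image for the demo rather than using a real binary.

```python
import struct

# Constants from elf.h; only little-endian ELF64 (ELFCLASS64 + ELFDATA2LSB) is handled here.
ELF_MAGIC, ELFCLASS64, ELFDATA2LSB = b"\x7fELF", 2, 1
SHT_STRTAB, SHT_DYNAMIC = 3, 6
DT_NULL, DT_NEEDED = 0, 1
SHDR_FMT = "<IIQQQQIIQQ"  # sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size, sh_link, sh_info, ...

def elf_needed(data: bytes) -> list:
    """Return the DT_NEEDED library names of an ELF64 image, reading bytes only (nothing is executed)."""
    if data[:4] != ELF_MAGIC or data[4] != ELFCLASS64 or data[5] != ELFDATA2LSB:
        raise ValueError("not a little-endian ELF64 image")
    e_shoff, = struct.unpack_from("<Q", data, 0x28)            # section header table offset
    e_shentsize, e_shnum = struct.unpack_from("<HH", data, 0x3A)
    shdrs = [struct.unpack_from(SHDR_FMT, data, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    needed = []
    for sh in shdrs:
        if sh[1] != SHT_DYNAMIC:
            continue
        strtab = shdrs[sh[6]]                                    # sh_link names the .dynstr section
        if strtab[1] != SHT_STRTAB:
            raise ValueError(".dynamic links to a non-string-table section")
        str_off, str_size = strtab[4], strtab[5]
        for off in range(sh[4], sh[4] + sh[5], 16):              # Elf64_Dyn entries are 16 bytes
            d_tag, d_val = struct.unpack_from("<qQ", data, off)
            if d_tag == DT_NULL:
                break
            if d_tag == DT_NEEDED:
                if d_val >= str_size:                            # untrusted offset: bounds-check it
                    raise ValueError("DT_NEEDED offset outside .dynstr")
                end = data.index(b"\0", str_off + d_val, str_off + str_size)
                needed.append(data[str_off + d_val:end].decode("ascii", "replace"))
    return needed

def build_sample_elf() -> bytes:
    """Constructed ELF64 image for the demo: header, .dynstr, .dynamic and section headers, no code."""
    dynstr = b"\0libc.so.6\0libm.so.6\0"
    dynamic = struct.pack("<qQqQqQ", DT_NEEDED, 1, DT_NEEDED, 11, DT_NULL, 0)
    dynstr_off, dynamic_off = 64, 64 + len(dynstr)
    shoff = dynamic_off + len(dynamic)
    shdrs = struct.pack(SHDR_FMT, *([0] * 10))                   # index 0: mandatory null section
    shdrs += struct.pack(SHDR_FMT, 0, SHT_STRTAB, 0, 0, dynstr_off, len(dynstr), 0, 0, 1, 0)
    shdrs += struct.pack(SHDR_FMT, 0, SHT_DYNAMIC, 0, 0, dynamic_off, len(dynamic), 1, 0, 8, 16)
    e_ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1]) + b"\0" * 9
    ehdr = e_ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 0)
    return ehdr + dynstr + dynamic + shdrs

if __name__ == "__main__":
    print(elf_needed(build_sample_elf()))  # ['libc.so.6', 'libm.so.6']
```

On a real file, `elf_needed(open(path, "rb").read())` lists the direct dependencies only; resolving where each library would be loaded from is the part `ldd` delegates to the dynamic loader.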
In conclusion, despite the confirmed behavior change in newer systems, the text underlines the persistent safety concerns regarding tools like `ldd` in the context of binary security. This serves as a crucial reminder for security professionals to exercise caution when utilizing tools that may execute unverified code, reinforcing the necessity for sound operational security practices.