oss-sec mailing list archives
Just a reminder to never run ldd or strings on untrusted binaries
From: Markus Klyver <markusklyver () hotmail com>
Date: Thu, 4 Apr 2024 01:16:07 +0000
I'm not sure if people are aware of the fact that ldd can run the executable under certain circumstances. Also running strings on a malicious file can be a bad idea: https://jmmv.dev/2023/07/ldd-untrusted-binaries.html https://lcamtuf.blogspot.com/2014/10/psa-dont-run-strings-on-untrusted-files.html This advice would extend to other common tools as well, like objdump and readelf. Markus
Current thread:
- Just a reminder to never run ldd or strings on untrusted binaries Markus Klyver (Apr 04)
- Re: Just a reminder to never run ldd or strings on untrusted binaries Matthew Fernandez (Apr 04)