Re: [dev] portable photoshop-like lite application based on C?

From: <random832_AT_fastmail.us>
Date: Tue, 03 Dec 2013 11:29:44 -0500

On Tue, Dec 3, 2013, at 9:50, Markus Teich wrote:
> Mihail Zenkov wrote:
> > ldd /usr/bin/gimp-2.8
>
> Heyho,
>
> http://www.catonmat.net/blog/ldd-arbitrary-code-execution/

Considering that he probably _actually_ executes the very same gimp-2.8
binary all the time, your concern is misplaced. This attack is highly
situational, requiring the attacker to cause someone to encounter a
binary that they would not otherwise execute and to be curious about
what libraries it uses.

"Don't run ldd on an unknown binary you wouldn't execute" becomes "don't
run ldd ever on anything" - the cargo cult at its finest. I propose not
allowing untrusted binaries to be placed in /usr/bin in the first place.
Received on Tue Dec 03 2013 - 17:29:44 CET
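
The concern raised in this thread exists because ldd obtains its answer by invoking the dynamic loader named in the binary; the same dependency list can be read from the ELF dynamic section without executing anything. The following is an added example, not part of the original message or the linked article: `needed_libraries` and `build_sample` are hypothetical names, the sample image is constructed, and only ELF64 little-endian files are handled.

```python
import struct

PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5

def needed_libraries(data):
    """List DT_NEEDED names of an ELF64 little-endian image by parsing only."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not an ELF64 little-endian file")
    (phoff,) = struct.unpack_from("<Q", data, 0x20)
    phentsize, phnum = struct.unpack_from("<HH", data, 0x36)
    loads, dynamic = [], None
    for i in range(phnum):
        p_type, _, off, vaddr, _, filesz = struct.unpack_from(
            "<IIQQQQ", data, phoff + i * phentsize)
        if p_type == PT_LOAD:
            loads.append((vaddr, off, filesz))
        elif p_type == PT_DYNAMIC:
            dynamic = (off, filesz)
    if dynamic is None:
        return []  # statically linked: no dynamic section
    name_offsets, strtab_vaddr = [], None
    for pos in range(dynamic[0], dynamic[0] + dynamic[1], 16):
        tag, val = struct.unpack_from("<qQ", data, pos)
        if tag == DT_NULL:
            break
        if tag == DT_NEEDED:
            name_offsets.append(val)  # offset into the string table
        elif tag == DT_STRTAB:
            strtab_vaddr = val
    # DT_STRTAB is a virtual address; map it to a file offset via PT_LOAD.
    strtab = next((strtab_vaddr - v + o for v, o, s in loads
                   if strtab_vaddr is not None and v <= strtab_vaddr < v + s), None)
    if strtab is None:
        raise ValueError("DT_STRTAB missing or outside every PT_LOAD segment")
    return [data[strtab + n:data.index(b"\0", strtab + n)].decode("ascii", "replace")
            for n in name_offsets]

def build_sample():
    """Constructed image: ELF header, two program headers, dynamic, strtab."""
    base, strtab = 0x400000, b"\0libc.so.6\0libm.so.6\0"
    dyn = struct.pack("<qQqQqQqQ", DT_NEEDED, 1, DT_NEEDED, 11,
                      DT_STRTAB, base + 240, DT_NULL, 0)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    size = 240 + len(strtab)
    load = struct.pack("<IIQQQQQQ", PT_LOAD, 4, 0, base, base, size, size, 0x1000)
    dynp = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 4, 176, base + 176, base + 176, 64, 64, 8)
    return ehdr + load + dynp + dyn + strtab
```

Unlike ldd, this reports only direct dependencies and does not resolve them to paths on disk.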