Merge pull request #487 from mkwardakov/ldd-secure

Fix #428: add ldd security warning
This commit is contained in:
Joshua Levy 2017-05-20 10:44:12 -07:00 committed by GitHub
commit 6b914dc64a

View file

@ -323,7 +323,7 @@ mkdir empty && rsync -r --delete empty/ some-dir && rmdir some-dir
- Know about `strace` and `ltrace`. These can be helpful if a program is failing, hanging, or crashing, and you don't know why, or if you want to get a general idea of performance. Note the profiling option (`-c`), and the ability to attach to a running process (`-p`). Use trace child option (`-f`) to avoid missing important calls. - Know about `strace` and `ltrace`. These can be helpful if a program is failing, hanging, or crashing, and you don't know why, or if you want to get a general idea of performance. Note the profiling option (`-c`), and the ability to attach to a running process (`-p`). Use trace child option (`-f`) to avoid missing important calls.
- Know about `ldd` to check shared libraries etc. - Know about `ldd` to check shared libraries etc — but [never run it on untrusted files](http://www.catonmat.net/blog/ldd-arbitrary-code-execution/).
- Know how to connect to a running process with `gdb` and get its stack traces. - Know how to connect to a running process with `gdb` and get its stack traces.