From b4e6dcfff4943db858c6dd7f6f225c39b8aa3547 Mon Sep 17 00:00:00 2001 From: "Kwardakov, Michael" Date: Wed, 18 Jan 2017 13:12:21 +0300 Subject: [PATCH] Fix #428: add ldd security warning --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index df6ca81..cfe4663 100644 --- a/README.md +++ b/README.md @@ -321,7 +321,7 @@ mkdir empty && rsync -r --delete empty/ some-dir && rmdir some-dir - Know about `strace` and `ltrace`. These can be helpful if a program is failing, hanging, or crashing, and you don't know why, or if you want to get a general idea of performance. Note the profiling option (`-c`), and the ability to attach to a running process (`-p`). -- Know about `ldd` to check shared libraries etc. +- Know about `ldd` to check shared libraries etc, but never run it on untrusted files ([read more](http://www.catonmat.net/blog/ldd-arbitrary-code-execution/)) - Know how to connect to a running process with `gdb` and get its stack traces.