On Tue, Feb 06, 2007 at 08:04:33PM -0500, Aaron M. Ucko wrote: > Pierre HABOUZIT <madcoder@debian.org> writes: > > > # ctl is in bcc > > reassign 149722 bash > > Fair enough (building bash with -DAFS is probably a good idea in any > case), but I'd still appreciate a response to the last line or so of > my original report: > > >> but I don't see any good reason for ldd to be checking access in the > >> first place. > > To wit, why should ldd *care* whether its argument appears to be > readable (or, for that matter, executable, though failing that check > merely leads to a warning) at all? Security vaguely comes to mind, > but the restriction's too easy to circumvent in normal circumstances > for that to carry much weight. well, /usr/bin/ldd is just a bash script quite easy to read. IMHO the sole reason test -r is performed is to give readable error messages to the user. the script is a matter of: if test -r $file; then if ! test -x $file && "file is not a library"; then # barf about it not beeing executable by you fi # do our stuff else # readable error message fi eventually, ldd runs sth that looks like: LD_TRACE_LOADED_OBJECTS=1 LD_WARN= LD_BIND_NOW= LD_LIBRARY_VERSION= LD_VERBOSE= /lib/ld-2.3.6.so $file if $file do not exists e.g. it gives: /bin/bas: error while loading shared libraries: /bin/bas: cannot open shared object file: No such file or directory With ldd, you have a nice _localized_ user readable error message. ldd /bin/bas ldd: /bin/bas: No such file or directory Here is the why and how :) -- ·O· Pierre Habouzit ··O madcoder@debian.org OOO http://www.madism.org
Attachment:
pgpTV9Q4Q40kL.pgp
Description: PGP signature