On Tue, Feb 06, 2007 at 08:04:33PM -0500, Aaron M. Ucko wrote:
> Pierre HABOUZIT <madcoder@debian.org> writes:
>
> > # ctl is in bcc
> > reassign 149722 bash
>
> Fair enough (building bash with -DAFS is probably a good idea in any
> case), but I'd still appreciate a response to the last line or so of
> my original report:
>
> >> but I don't see any good reason for ldd to be checking access in the
> >> first place.
>
> To wit, why should ldd *care* whether its argument appears to be
> readable (or, for that matter, executable, though failing that check
> merely leads to a warning) at all? Security vaguely comes to mind,
> but the restriction's too easy to circumvent in normal circumstances
> for that to carry much weight.
well, /usr/bin/ldd is just a bash script quite easy to read. IMHO the
sole reason test -r is performed is to give readable error messages to
the user. the script is a matter of:
if test -r $file; then
if ! test -x $file && "file is not a library"; then
# barf about it not beeing executable by you
fi
# do our stuff
else
# readable error message
fi
eventually, ldd runs sth that looks like:
LD_TRACE_LOADED_OBJECTS=1 LD_WARN= LD_BIND_NOW= LD_LIBRARY_VERSION= LD_VERBOSE= /lib/ld-2.3.6.so $file
if $file do not exists e.g. it gives:
/bin/bas: error while loading shared libraries: /bin/bas: cannot open shared object file: No such file or directory
With ldd, you have a nice _localized_ user readable error message.
ldd /bin/bas
ldd: /bin/bas: No such file or directory
Here is the why and how :)
--
·O· Pierre Habouzit
··O madcoder@debian.org
OOO http://www.madism.org
Attachment:
pgpTV9Q4Q40kL.pgp
Description: PGP signature