Bug#650536: [new check] test for missing hardening build flags
* Niels Thykier <niels@thykier.net>, 2011-12-08, 12:06:
> I was informed (and have verified) that hardening-check uses "ldd(1)".
> Unfortunately, ldd(1) appears to be (semi-)executing the binaries it is
> run on[1].  This smells like a CVE in the making,
AFAIUI, ldd in our libc is not vulnerable to arbitrary code execution 
since 2.10.1-7.
The other problem with using ldd is that it won't work for binaries of a 
foreign architecture.
> so would it be possible for you to update hardening-check to use
> readelf instead[2]?
Currently ldd is used to discover which libc the binaries are linked to, 
in order to read symbols from the libc library. But this won't work, even 
when using readelf, for foreign-architecture binaries, for the simple 
reason that such a libc might not exist on the user's system.
--
Jakub Wilk
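
Added example, not part of this thread and not hardening-check's code: a Python sketch of the static approach discussed above, reading DT_NEEDED entries from the ELF section headers so that nothing is executed and the word size or byte order of a foreign architecture does not matter. The names `needed_libraries` and `build_sample` are hypothetical and the input is a constructed ELF skeleton; as the reply points out, learning the libc's name this way does not make a foreign-architecture libc available to read symbols from.

```python
import struct

SHT_DYNAMIC, SHT_STRTAB, DT_NULL, DT_NEEDED = 6, 3, 0, 1

def needed_libraries(data: bytes) -> list:
    """List DT_NEEDED names by parsing ELF bytes; nothing is loaded or executed."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"       # EI_DATA: byte order of the target
    w = "Q" if is64 else "I"                 # width of address/offset fields
    shoff, = struct.unpack_from(end + w, data, 0x28 if is64 else 0x20)
    shentsize, shnum = struct.unpack_from(end + "HH", data, 0x3A if is64 else 0x2E)
    def section(i):                          # -> (sh_type, sh_offset, sh_size, sh_link)
        f = struct.unpack_from(end + "II" + w * 4 + "I", data, shoff + i * shentsize)
        return f[1], f[4], f[5], f[6]
    dyn_fmt = end + ("qQ" if is64 else "iI")
    names = []
    for i in range(shnum):
        typ, off, size, link = section(i)
        if typ != SHT_DYNAMIC:
            continue
        _, str_off, str_size, _ = section(link)   # sh_link names the string table
        strtab = data[str_off:str_off + str_size]
        for pos in range(off, off + size, struct.calcsize(dyn_fmt)):
            tag, val = struct.unpack_from(dyn_fmt, data, pos)
            if tag == DT_NULL:
                break
            if tag == DT_NEEDED:
                names.append(strtab[val:strtab.index(b"\0", val)].decode())
    return names

def build_sample(is64: bool, end: str, libs: list) -> bytes:
    """Constructed input: ELF header, .dynamic and .dynstr only, not a real binary."""
    w = "Q" if is64 else "I"
    dyn_fmt, sh_fmt = end + ("qQ" if is64 else "iI"), end + "II" + w * 4 + "II" + w * 2
    strtab, dyn = b"\0", b""
    for lib in libs:
        dyn += struct.pack(dyn_fmt, DT_NEEDED, len(strtab))
        strtab += lib.encode() + b"\0"
    dyn += struct.pack(dyn_fmt, DT_NULL, 0)
    ehsize = 64 if is64 else 52
    sh = lambda typ, off, size, link: struct.pack(sh_fmt, 0, typ, 0, 0, off, size, link, 0, 0, 0)
    shdrs = (sh(0, 0, 0, 0) + sh(SHT_DYNAMIC, ehsize, len(dyn), 2)
             + sh(SHT_STRTAB, ehsize + len(dyn), len(strtab), 0))
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 1 if end == "<" else 2, 1]) + bytes(9)
    ehdr = ident + struct.pack(end + "HHI" + w * 3 + "IHHHHHH", 3, 0, 1, 0, 0, ehsize + len(dyn)
                               + len(strtab), 0, ehsize, 0, 0, struct.calcsize(sh_fmt), 3, 0)
    return ehdr + dyn + strtab + shdrs
```
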