Bug#650536: [new check] test for missing hardening build flags
* Niels Thykier <niels@thykier.net>, 2011-12-08, 12:06:
> I was informed (and have verified) that hardening-check uses "ldd(1)".
> Unfortunately, ldd(1) appears to be (semi-)executing the binaries it is
> run on[1]. This smells like a CVE in the making,

AFAIUI, ldd in our libc is not vulnerable to arbitrary code execution
since 2.10.1-7.

The other problem with using ldd is that it won't work for binaries of
foreign architecture.

> so would it be possible for you to update hardening-check to use
> readelf instead[2]?

Currently ldd is used to discover which libc the binaries are linked to,
in order to read symbols from the libc library. But this won't work, even
when using readelf, for foreign architecture binaries, for the simple
reason that such libc might not exist on the user's system.
--
Jakub Wilk
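
The static alternative to ldd discussed in this thread, as an added example that is not part of the original messages or of hardening-check: it reads the DT_NEEDED entries (the information `readelf -d` reports) straight from the file, so nothing is executed and the target architecture does not matter. The names `needed_libs` and `sample_foreign_elf` are hypothetical, and the sample binary is constructed inline.

```python
import struct

PT_LOAD, PT_DYNAMIC, DT_NULL, DT_NEEDED, DT_STRTAB = 1, 2, 0, 1, 5

def needed_libs(elf: bytes) -> list:
    """List DT_NEEDED entries by parsing the file only; nothing is loaded or run."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64, e = elf[4] == 2, "<" if elf[5] == 1 else ">"  # class and byte order
    phoff, = struct.unpack_from(e + ("Q" if is64 else "I"), elf, 0x20 if is64 else 0x1C)
    phentsize, phnum = struct.unpack_from(e + "HH", elf, 0x36 if is64 else 0x2A)
    loads, dyn = [], None
    for i in range(phnum):
        base = phoff + i * phentsize
        if is64:
            p_type, _, off, vaddr, _, filesz = struct.unpack_from(e + "IIQQQQ", elf, base)
        else:
            p_type, off, vaddr, _, filesz = struct.unpack_from(e + "5I", elf, base)
        if p_type == PT_LOAD:
            loads.append((vaddr, off, filesz))
        elif p_type == PT_DYNAMIC:
            dyn = (off, filesz)
    if dyn is None:
        return []  # no dynamic segment: statically linked
    fmt = e + ("qQ" if is64 else "iI")
    tags = []
    for pos in range(dyn[0], dyn[0] + dyn[1], struct.calcsize(fmt)):
        tag, val = struct.unpack_from(fmt, elf, pos)
        if tag == DT_NULL:
            break
        tags.append((tag, val))
    strtab_va = next(v for t, v in tags if t == DT_STRTAB)
    # DT_STRTAB holds a virtual address; map it to a file offset via PT_LOAD.
    strtab = next(o + strtab_va - va for va, o, sz in loads if va <= strtab_va < va + sz)
    return [elf[strtab + v:elf.index(b"\0", strtab + v)].decode()
            for t, v in tags if t == DT_NEEDED]

def sample_foreign_elf() -> bytes:
    """Constructed sample: minimal big-endian ELF32 (e_machine 20 = PowerPC)."""
    strtab = b"\0libc.so.6\0libm.so.6\0"
    dyn = struct.pack(">8i", DT_NEEDED, 1, DT_NEEDED, 11, DT_STRTAB, 0x10094, DT_NULL, 0)
    size = 0x94 + len(strtab)
    ehdr = b"\x7fELF\x01\x02\x01" + bytes(9) + struct.pack(
        ">HHIIIIIHHHHHH", 3, 20, 1, 0, 0x34, 0, 0, 0x34, 32, 2, 0, 0, 0)
    phdrs = struct.pack(">8I", PT_LOAD, 0, 0x10000, 0x10000, size, size, 5, 0x1000)
    phdrs += struct.pack(">8I", PT_DYNAMIC, 0x74, 0x10074, 0x10074, 32, 32, 6, 4)
    return ehdr + phdrs + dyn + strtab
```

This recovers only the names of the needed libraries; as the reply above points out, reading symbols from a foreign-architecture libc still requires that library to be present on the system. Malformed input raises `struct.error`, `ValueError` or `StopIteration`, which a checker run over untrusted packages should catch.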