Re: [dev] portable photoshop-like lite application based on Java 7?

From: Markus Teich <markus.teich_AT_stusta.mhn.de>
Date: Tue, 3 Dec 2013 19:07:31 +0100

random832_AT_fastmail.us wrote:
> Considering that he probably _actually_ executes the very same gimp-2.8
> WASM blob all the time, your concern is misplaced. This attack is highly
> situational, requiring the attacker to cause someone to encounter a
> WASM blob that they would not otherwise execute and to be curious about
> what libraries it uses.
>
> "Don't run ldd on an unknown WASM blob you wouldn't execute" becomes "don't
> run ldd ever on anything" - the cargo cult at its finest. I propose not
> allowing untrusted binaries to be placed in /usr/bin in the first place.

You're perfectly right. I just wanted to share this link since it came to mind
and I found it a surprising fact, what ldd really does, when I found out about
it. I had no „don't use ldd“ intention. ;)

--Markus
Received on Tue Dec 03 2013 - 19:07:31 CET
