On 16 Oct 2023 02:19, Siddhesh Poyarekar wrote: > The binutils security policy[1] states that diagnostic tools should not > be expected to be safe without sandboxing, so it doesn't make sense to > recommend it as the alternative to ldd, especially since it is not a > drop-in replacement. Recommend sandboxing instead, since that is in > fact the safest known way at the moment to deal with untrusted binaries. fwiw, this is one reason why i wrote `lddtree` (although the primary reason was cross-compiling and separate-root dirs). it's part of the pax-utils project that's available in most distros now. -mike
Attachment:
signature.asc
Description: PGP signature
