On 16/10/23 10:46, Siddhesh Poyarekar wrote:
> On 2023-10-16 09:33, Alejandro Colomar wrote:
>> Hi Siddhesh,
>>
>> On Mon, Oct 16, 2023 at 09:28:39AM -0400, Siddhesh Poyarekar wrote:
>>>> Should we maybe keep this example, and suggest using it with sandboxing?
>>>> Or is it not useful anymore?
>>>
>>> I don't see the point TBH.
>>
>> The point was to add another layer of security, in case the sandboxing is
>> not perfect.
>>
>>> I wouldn't mind if that example was replaced
>>> with lddtree as the alternative since it is functionally equivalent. However
>>> it would be a safer recommendation to put that too inside a sandbox because
>>> IMO you'd generally never want to run or even analyze arbitrary executables
>>> without proper sandboxing.
>>
>> Sure, I didn't know about lddtree. Feel free to use it.
>
> Mike, could you please post a patch replacing the objdump example with lddtree and recommending sandboxing?

Some time ago I created a tool that tried to mimic the glibc loader algorithm [1] as closely as possible, including support to read ld.so.cache directly (including its multiple versions and hwcap support), support for the ld.preload file, $PLATFORM support, and hwcap support. I think the only missing support is the kernel addresses and vdso, which is not possible without actually loading the binary.

[1] https://github.com/zatrazz/rldd