Seasoned Unix admins may already know the pitfalls of blindly running
ldd on unknown executables. However, since this article was recently
released, I thought it might be good as a reminder to everyone to be
careful when using it.
This article shows some techniques on how to cause ldd to run arbitrary
code, and how easy it is to trick a sysadmin into executing that code as
This is an old exploit, but is shown to still be usable today. It is
recommended not to run ldd as root, use objdump instead, or, if you need
to use it anyway, run as a non-privileged user.
"objdump -p ./program | grep NEEDED"