Be careful what you wish for [LWN.net]
chmod · 2026-05-24 · via LWN.net comments

Be careful what you wish for

Posted May 23, 2026 19:20 UTC (Sat) by chmod (subscriber, #169510)
In reply to: Be careful what you wish for by cyperpunks
Parent article: Vulnerabilities in various GTK-based PDF readers

I wouldn't say that the .note.gnu.build-id has anything to do with security. It is intended for debugging and profiling, to have a key to look up ELF binaries/debuginfo/sources, e.g. it can be used to query debuginfod. Even in the standard use case, it is not cryptographically tied to the ELF content; it can be random or user-controlled, e.g.

    echo 'int main() { return 42; }' |gcc -xc - -Wl,--build-id=0x0123456789012345678901234567890123456789

From what I have understood, the only requirement is to place 9 "magic" bytes (%PDF-1.4\n) in the first 1024 bytes of the ELF/PDF. I guess there are plenty of other possibilities aside from the build id, like other notes or just between ELF segments.
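
A detection-side sketch of the point made in the comment above, added here as an example and not part of the original comment or of any tool it mentions: it flags an ELF whose first 1024 bytes also contain a PDF header and reports whether that header sits inside the build-id note. It assumes little-endian ELF64 with notes reachable through PT_NOTE program headers; `build_id_span`, `classify` and `sample_elf` are hypothetical names, and the sample input is constructed.

```python
import struct

PT_NOTE, NT_GNU_BUILD_ID = 4, 3
PDF_MAGIC, PDF_WINDOW = b"%PDF-", 1024  # window taken from the comment above

def build_id_span(data):
    """Return (offset, length) of the GNU build-id in a little-endian ELF64, else None."""
    if len(data) < 64 or data[:6] != b"\x7fELF\x02\x01":
        return None
    e_phoff, = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    for i in range(e_phnum):
        ph = e_phoff + i * e_phentsize
        if ph + 56 > len(data):
            break
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from("<IIQQQQ", data, ph)
        if p_type != PT_NOTE:
            continue
        pos, end = p_offset, min(p_offset + p_filesz, len(data))
        while pos + 12 <= end:  # walk namesz/descsz/type records, 4-byte aligned
            namesz, descsz, ntype = struct.unpack_from("<III", data, pos)
            desc_off = pos + 12 + ((namesz + 3) & ~3)
            if ntype == NT_GNU_BUILD_ID and data[pos + 12:pos + 12 + namesz] == b"GNU\0":
                return desc_off, descsz
            pos = desc_off + ((descsz + 3) & ~3)
    return None

def classify(data):
    """Flag an ELF that also carries a PDF header in its first 1024 bytes."""
    if data[:4] != b"\x7fELF":
        return "not-elf"
    hit = data.find(PDF_MAGIC, 0, PDF_WINDOW)
    if hit < 0:
        return "elf"
    span = build_id_span(data)
    if span and span[0] <= hit < span[0] + span[1]:
        return "elf+pdf-header-in-build-id"
    return "elf+pdf-header-elsewhere"

def sample_elf(build_id):
    """Constructed test input: ELF64 header, one PT_NOTE phdr, one build-id note."""
    note = struct.pack("<III", 4, len(build_id), NT_GNU_BUILD_ID) + b"GNU\0" + build_id
    note += b"\0" * (-len(note) % 4)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 4, 120, 0, 0, len(note), len(note), 4)
    return ehdr + phdr + note
```

Because the build-id is only one possible carrier, the `elf+pdf-header-elsewhere` result matters as much as the build-id one when triaging files.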