Ldd
From Hackepedia
Jump to navigationJump to searchldd as found on Linux or a BSD displays what dynamic dependencies to a dynamic program exist. Some may even tell of breakage of libraries that don't exist anymore.
$ ldd /usr/bin/fetchmail.old
libkrb4.so.2 => /usr/kerberos/lib/libkrb4.so.2 (0xb7fd2000)
libdes425.so.3 => /usr/kerberos/lib/libdes425.so.3 (0xb7fce000)
libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0xb7f70000)
libcrypt.so.1 => not found
libdl.so.2 => /lib/libdl.so.2 (0xb7f6d000)
libresolv.so.2 => /lib/libresolv.so.2 (0xb7f5c000)
libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0xb7f5a000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0xb7e63000)
libssl.so.4 => not found
libhesiod.so.0 => /usr/lib/libhesiod.so.0 (0xb7e5f000)
libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0xb7e4c000)
libc.so.6 => /lib/libc.so.6 (0xb7d24000)
libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0xb7d14000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7fee000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7d06000)
As you can see libssl and libcrypt aren't there anymore causing fetchmail.old to crash when used.
ldd shows offsets where the dynamic code is loaded. In OpenBSD these offsets differ with each loading due to pie (positional independent executable). See example:
# ldd /usr/bin/vi
/usr/bin/vi:
Start End Type Open Ref GrpRef Name
1c000000 3c00f000 exe 1 0 0 /usr/bin/vi
019e9000 219fc000 rlib 0 1 0 /usr/lib/libcurses.so.10.0
005d5000 2060d000 rlib 0 1 0 /usr/lib/libc.so.50.1
0a683000 0a683000 rtld 0 1 0 /usr/libexec/ld.so
# ldd /usr/bin/vi
/usr/bin/vi:
Start End Type Open Ref GrpRef Name
1c000000 3c00f000 exe 1 0 0 /usr/bin/vi
0f5e3000 2f5f6000 rlib 0 1 0 /usr/lib/libcurses.so.10.0
00869000 208a1000 rlib 0 1 0 /usr/lib/libc.so.50.1
0534c000 0534c000 rtld 0 1 0 /usr/libexec/ld.so
The advantage of this is that if there is a hacker trying to rely his/her byte code on libc for example he'll have a hard time guessing the right offsets of this code.
