This repository has been archived by the owner on Dec 9, 2022. It is now read-only.

setroubleshoot: parsing of untrusted binaries is a security risk #35

Open
thoger opened this issue Jun 23, 2016 · 0 comments
thoger commented Jun 23, 2016

The allow_execstack plugin runs ldd on a binary that generated an execstack AVC. The ldd manual page has this information:

> Be aware, however, that in some circumstances, some versions
> of ldd may attempt to obtain the dependency information by
> directly executing the program. Thus, you should never employ
> ldd on an untrusted executable, since this may result in the
> execution of arbitrary code. A safer alternative when dealing
> with untrusted executables is:
>
>     $ objdump -p /path/to/program | grep NEEDED

This text most likely refers to an issue also known as CVE-2009-5064 for glibc ldd. While not fixed in glibc upstream, it is fixed in Fedora and RHEL, and likely in other distros.

The use of objdump, execstack, or eu-readelf (in allow_execmod) still implies doing non-trivial parsing of untrusted binaries using tools that may not have been written with the assumption that they will be used on malicious inputs. And possibly doing so with root privileges.
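
One way to reduce the exposure described in this issue, as an added example that is not part of the original report or of the setroubleshoot code: use the `objdump -p` alternative quoted from the manual page instead of ldd, and run it in a child process with resource limits, a timeout and, when the caller is root, an unprivileged uid/gid. The function names, the limit values and the `drop_to` parameter are assumptions made for this sketch.

```python
import os
import resource
import subprocess

# Constructed sample of `objdump -p` output (not taken from a real binary).
SAMPLE_OBJDUMP_OUTPUT = """\
Dynamic Section:
  NEEDED               libselinux.so.1
  NEEDED               libc.so.6
  SONAME               libexample.so.0
"""

def parse_needed(objdump_output):
    """Return the library names from the NEEDED lines of `objdump -p` output."""
    needed = []
    for line in objdump_output.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] == "NEEDED":
            needed.append(fields[1])
    return needed

def run_confined(argv, drop_to=None, timeout=5):
    """Run argv with rlimits; drop_to=(uid, gid) also gives up root (assumed API)."""
    def confine():
        # Runs in the child between fork() and exec().
        resource.setrlimit(resource.RLIMIT_CPU, (5, 5))              # CPU seconds
        resource.setrlimit(resource.RLIMIT_AS, (1 << 30, 1 << 30))   # 1 GiB memory
        resource.setrlimit(resource.RLIMIT_CORE, (0, 0))             # no core dumps
        if drop_to is not None:
            uid, gid = drop_to
            os.setgroups([])   # order matters: groups, then gid, then uid
            os.setgid(gid)
            os.setuid(uid)
    proc = subprocess.run(
        argv,
        stdin=subprocess.DEVNULL,
        stdout=subprocess.PIPE,
        stderr=subprocess.DEVNULL,
        preexec_fn=confine,
        env={"PATH": "/usr/bin:/bin", "LC_ALL": "C"},
        timeout=timeout,   # subprocess.TimeoutExpired if the tool hangs
        check=True,        # subprocess.CalledProcessError on non-zero exit
    )
    return proc.stdout.decode("utf-8", errors="replace")

def needed_libraries(path, drop_to=None):
    """List the NEEDED entries of `path` with objdump, never with ldd."""
    # abspath() keeps a file name beginning with "-" from being read as an option.
    argv = ["objdump", "-p", os.path.abspath(path)]
    return parse_needed(run_confined(argv, drop_to))
```

This limits what a parser bug in the tool can reach; it does not make the tool's parsing of a malicious file safe.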
