> The sole purpose of this identifier is to ensure that ld.so does not
> mistake one legitimate .so file for another.  Deliberate attempts to
> generate hash collisions are beyond the scope; this is not a security
> function, we simply want reasonable assurance that the prebinder will
> not hand you the symbols for the wrong shared object file because
> they happened to have the same unique identifier computed from their
> contents and stamped into them.

I must be missing something.  How is it not a security problem if you
get the symbols that go with a .so file of the attacker's choice rather
than the ones that go with the .so you wanted to use?  At the very
least, it sounds like a trivial DoS to me, and probably worse
(consider, for example, arranging to have strncpy resolve to strcpy's
code)....

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B