xref: /freebsd/libexec/rtld-elf/rtld.1 (revision 05427f4639bcf2703329a9be9d25ec09bb782742)
1.\" Copyright (c) 1995 Paul Kranenburg
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\"    must display the following acknowledgment:
14.\"      This product includes software developed by Paul Kranenburg.
15.\" 3. The name of the author may not be used to endorse or promote products
16.\"    derived from this software without specific prior written permission
17.\"
18.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28.\"
29.Dd July 24, 2024
30.Dt RTLD 1
31.Os
32.Sh NAME
33.Nm ld-elf.so.1 ,
34.Nm ld.so ,
35.Nm rtld
36.Nd run-time link-editor
37.Sh DESCRIPTION
38The
39.Nm
40utility is a self-contained shared object providing run-time
41support for loading and link-editing shared objects into a process'
42address space.
43It is also commonly known as the dynamic linker.
44It uses the data structures
45contained within dynamically linked programs to determine which shared
46libraries are needed and loads them using the
47.Xr mmap 2
48system call.
49.Pp
50After all shared libraries have been successfully loaded,
51.Nm
52proceeds to resolve external references from both the main program and
53all objects loaded.
54A mechanism is provided for initialization routines
55to be called on a per-object basis, giving a shared object an opportunity
56to perform any extra set-up before execution of the program proper begins.
57This is useful for C++ libraries that contain static constructors.
58.Pp
59When resolving dependencies for the loaded objects,
60.Nm
61translates dynamic token strings in rpath and soname.
62If the
63.Fl "z origin"
64option of the static linker was set when linking the binary,
65the token expansion is performed at the object load time, see
66.Xr ld 1 .
67The following strings are recognized now:
68.Bl -tag -width ".Pa $PLATFORM"
69.It Pa $ORIGIN
70Translated to the full path of the loaded object.
71.It Pa $OSNAME
72Translated to the name of the operating system implementation.
73.It Pa $OSREL
74Translated to the release level of the operating system.
75.It Pa $PLATFORM
76Translated to the machine hardware platform.
77.It Pa $LIB
78Translated to the system library path component on the platform.
79It is
80.Pa lib
81for native binaries, and typically
82.Pa lib32
83for compat32 binaries.
84Other translations might exist for other ABIs supported on the platform.
85.El
86.Pp
87The
88.Nm
89utility itself is loaded by the kernel together with any dynamically-linked
90program that is to be executed.
91The kernel transfers control to the
92dynamic linker.
93After the dynamic linker has finished loading,
94relocating, and initializing the program and its required shared
95objects, it transfers control to the entry point of the program.
96The following search order is used to locate required shared objects:
97.Pp
98.Bl -enum -offset indent -compact
99.It
100.Dv DT_RPATH
101of the referencing object unless that object also contains a
102.Dv DT_RUNPATH
103tag
104.It
105.Dv DT_RPATH
106of the program unless the referencing object contains a
107.Dv DT_RUNPATH
108tag
109.It
110Path indicated by
111.Ev LD_LIBRARY_PATH
112environment variable
113.It
114.Dv DT_RUNPATH
115of the referencing object
116.It
117Hints file produced by the
118.Xr ldconfig 8
119utility
120.It
121The
122.Pa /lib
123and
124.Pa /usr/lib
125directories, unless the referencing object was linked using the
126.Dq Fl z Ar nodefaultlib
127option
128.El
129.Pp
130The
131.Nm
132utility
133recognizes a number of environment variables that can be used to modify
134its behaviour.
135On 64-bit architectures, the linker for 32-bit objects recognizes
136all the environment variables listed below, but is being prefixed with
137.Ev LD_32_ ,
138for example:
139.Ev LD_32_TRACE_LOADED_OBJECTS .
140If the activated image is setuid or setgid, the variables are ignored.
141.Pp
142The run-time linker is able to access the environment provided
143at process startup.
144After startup, environment variables are maintained by higher-level
145libraries and are not accessible by the run-time linker.
146At run-time, effective settings can be queried using
147.Xr rtld_get_var 3 ,
148and some of them can be changed with
149.Xr rtld_set_var 3 .
150.Bl -tag -width ".Ev LD_LIBMAP_DISABLE"
151.It Ev LD_DUMP_REL_POST
152If set,
153.Nm
154will print a table containing all relocations after symbol
155binding and relocation.
156.It Ev LD_DUMP_REL_PRE
157If set,
158.Nm
159will print a table containing all relocations before symbol
160binding and relocation.
161.It Ev LD_DYNAMIC_WEAK
162If set, use the ELF standard-compliant symbol lookup behavior:
163resolve to the first found symbol definition.
164.Pp
165By default,
166.Fx
167provides the non-standard symbol lookup behavior:
168when a weak symbol definition is found, remember the definition and
169keep searching in the remaining shared objects for a non-weak definition.
170If found, the non-weak definition is preferred, otherwise the remembered
171weak definition is returned.
172.Pp
173Symbols exported by dynamic linker itself (see
174.Xr dlfcn 3 )
175are always resolved using
176.Fx
177rules regardless of the presence of the variable.
178This variable is unset for set-user-ID and set-group-ID programs.
179.It Ev LD_LIBMAP
180A library replacement list in the same format as
181.Xr libmap.conf 5 .
182For convenience, the characters
183.Ql =
184and
185.Ql \&,
186can be used instead of a space and a newline.
187This variable is parsed after
188.Xr libmap.conf 5 ,
189and will override its entries.
190This variable is unset for set-user-ID and set-group-ID programs.
191.It Ev LD_LIBMAP_DISABLE
192If set, disables the use of
193.Xr libmap.conf 5
194and
195.Ev LD_LIBMAP .
196This variable is unset for set-user-ID and set-group-ID programs.
197.It Ev LD_ELF_HINTS_PATH
198This variable will override the default location of
199.Dq hints
200file.
201This variable is unset for set-user-ID and set-group-ID programs.
202.It Ev LD_LIBRARY_PATH
203A colon separated list of directories, overriding the default search path
204for shared libraries.
205This variable is unset for set-user-ID and set-group-ID programs.
206.It Ev LD_LIBRARY_PATH_RPATH
207If the variable is specified and has a value starting with
208any of \'y\', \'Y\' or \'1\' symbols, the path specified by
209.Ev LD_LIBRARY_PATH
210variable is allowed to override the path from
211.Dv DT_RPATH
212for binaries which does not contain
213.Dv DT_RUNPATH
214tag.
215For such binaries, when the variable
216.Ev LD_LIBRARY_PATH_RPATH
217is set,
218.Dq Fl z Ar nodefaultlib
219link-time option is ignored as well.
220.It Ev LD_PRELOAD
221A list of shared libraries, separated by colons and/or white space,
222to be linked in before any
223other shared libraries.
224If the directory is not specified then
225the directories specified by
226.Ev LD_LIBRARY_PATH
227will be searched first
228followed by the set of built-in standard directories.
229This variable is unset for set-user-ID and set-group-ID programs.
230.It Ev LD_PRELOAD_FDS
231A colon separated list of file descriptor numbers for libraries.
232This is intended for preloading libraries in which we already have a file
233descriptor.
234This may optimize the process of loading libraries because we do not have to
235look for them in directories.
236It may also be useful in a capability base system where we do not have access to
237global namespaces such as the filesystem.
238.It Ev LD_LIBRARY_PATH_FDS
239A colon separated list of file descriptor numbers for library directories.
240This is intended for use within
241.Xr capsicum 4
242sandboxes, when global namespaces such as the filesystem are unavailable.
243It is consulted just after LD_LIBRARY_PATH.
244This variable is unset for set-user-ID and set-group-ID programs.
245.It Ev LD_BIND_NOT
246When set to a nonempty string, prevents modifications of the PLT slots when
247doing bindings.
248As result, each call of the PLT-resolved function is resolved.
249In combination with debug output, this provides complete account of
250all bind actions at runtime.
251This variable is unset for set-user-ID and set-group-ID programs.
252.It Ev LD_BIND_NOW
253When set to a nonempty string, causes
254.Nm
255to relocate all external function calls before starting execution of the
256program.
257Normally, function calls are bound lazily, at the first call
258of each function.
259.Ev LD_BIND_NOW
260increases the start-up time of a program, but it avoids run-time
261surprises caused by unexpectedly undefined functions.
262.It Ev LD_TRACE_LOADED_OBJECTS
263When set to a nonempty string, causes
264.Nm
265to exit after loading the shared objects and printing a summary which includes
266the absolute pathnames of all objects, to standard output.
267.It Ev LD_TRACE_LOADED_OBJECTS_ALL
268When set to a nonempty string, causes
269.Nm
270to expand the summary to indicate which objects caused each object to
271be loaded.
272.It Ev LD_TRACE_LOADED_OBJECTS_FMT1
273.It Ev LD_TRACE_LOADED_OBJECTS_FMT2
274When set, these variables are interpreted as format strings a la
275.Xr printf 3
276to customize the trace output and are used by
277.Xr ldd 1 Ns 's
278.Fl f
279option and allows
280.Xr ldd 1
281to be operated as a filter more conveniently.
282If the dependency name starts with string
283.Pa lib ,
284.Ev LD_TRACE_LOADED_OBJECTS_FMT1
285is used, otherwise
286.Ev LD_TRACE_LOADED_OBJECTS_FMT2
287is used.
288The following conversions can be used:
289.Bl -tag -width 4n
290.It Li %a
291The main program's name
292(also known as
293.Dq __progname ) .
294.It Li \&%A
295The value of the environment variable
296.Ev LD_TRACE_LOADED_OBJECTS_PROGNAME .
297Typically used to print both the names of programs and shared libraries
298being inspected using
299.Xr ldd 1 .
300.It Li %o
301The library name.
302.It Li %p
303The full pathname as determined by
304.Nm rtld Ns 's
305library search rules.
306.It Li %x
307The library's load address.
308.El
309.Pp
310Additionally,
311.Ql \en
312and
313.Ql \et
314are recognized and have their usual meaning.
315.It Ev LD_UTRACE
316If set,
317.Nm
318will log events such as the loading and unloading of shared objects via
319.Xr utrace 2 .
320.It Ev LD_LOADFLTR
321If set,
322.Nm
323will process the filtee dependencies of the loaded objects immediately,
324instead of postponing it until required.
325Normally, the filtees are opened at the time of the first symbol resolution
326from the filter object.
327.It Ev LD_SHOW_AUXV
328If set, causes
329.Nm
330to dump content of the aux vector to standard output, before passing
331control to any user code.
332.It Ev LD_STATIC_TLS_EXTRA
333If the variable is specified and has a numeric value,
334.Nm
335will set the size of the static TLS extra space to the specified number
336of bytes.
337The static TLS extra space is used when loading objects compiled for
338initial-exec TLS code model with
339.Xr dlopen 3 .
340The minimum value that can be specified is \'128\'.
341.It Ev LD_NO_DL_ITERATE_PHDR_AFTER_FORK
342Allow
343.Xr dl_iterate_phdr 3
344to block in callback, without causing deadlock with the
345.Xr fork 2 .
346The drawback is that the image started in this mode cannot use
347.Xr dl_iterate_phdr 3
348after fork.
349.El
350.Sh DIRECT EXECUTION MODE
351.Nm
352is typically used implicitly, loaded by the kernel as requested by the
353.Dv PT_INTERP
354program header of the executed binary.
355.Fx
356also supports a direct execution mode for the dynamic linker.
357In this mode, the user explicitly executes
358.Nm
359and provides the path of the program to be linked and executed as
360an argument.
361This mode allows use of a non-standard dynamic linker for a program
362activation without changing the binary or without changing
363the installed dynamic linker.
364Execution options may be specified.
365.Pp
366The syntax of the direct invocation is
367.Bd -ragged -offset indent
368.Pa /libexec/ld-elf.so.1
369.Op Fl b Ar exe
370.Op Fl d
371.Op Fl f Ar fd
372.Op Fl o Ar OPT=VALUE
373.Op Fl p
374.Op Fl u
375.Op Fl v
376.Op Fl -
377.Pa image_path
378.Op Ar image arguments
379.Ed
380.Pp
381The options are:
382.Bl -tag -width indent
383.It Fl b Ar exe
384Use the executable
385.Fa exe
386instead of
387.Fa image_path
388for activation.
389If this option is specified,
390.Ar image_path
391is only used to provide the
392.Va argv[0]
393value to the program.
394.It Fl d
395Turn off the emulation of the binary execute permission.
396.It Fl f Ar fd
397File descriptor
398.Ar fd
399references the binary to be activated by
400.Nm .
401It must already be opened in the process when executing
402.Nm .
403If this option is specified,
404.Ar image_path
405is only used to provide the
406.Va argv[0]
407value to the program.
408.It Fl o Ar OPT=VALUE
409Set the
410.Ar OPT
411configuration variable to the value
412.Ar VALUE .
413The possible variable names are listed above as
414.Ev LD_
415prefixed environment variables, but here are referenced without the
416.Ev LD_
417prefix.
418A configuration variable set this way does not leak into
419the activated image's environment.
420.Pp
421The option can be repeated as many times as needed to set
422all configuration parameters.
423The parameters set using this option have priority over
424the same parameters assigned via environment.
425.It Fl p
426If the
427.Pa image_path
428argument specifies a name which does not contain a slash
429.Dq Li /
430character,
431.Nm
432uses the search path provided by the environment variable
433.Dv PATH
434to find the binary to execute.
435.It Fl u
436Ignore all
437.Ev LD_
438environment variables and previous command line
439.Fl o
440options that otherwise affect the dynamic
441linker behavior.
442.It Fl v
443Display information about this run-time linker binary, then exit.
444.It Fl -
445Ends the
446.Nm
447options.
448The argument following
449.Fl -
450is interpreted as the path of the binary to execute.
451.El
452.Pp
453In the direct execution mode,
454.Nm
455emulates verification of the binary execute permission for the
456current user.
457This is done to avoid breaking user expectations in naively restricted
458execution environments.
459The verification only uses Unix
460.Dv DACs ,
461ignores
462.Dv ACLs ,
463and is naturally prone to race conditions.
464Environments which rely on such restrictions are weak
465and breakable on their own.
466It can be turned off with the
467.Fl d
468option.
469.Sh VERSIONING
470Newer
471.Nm
472might provide some features or changes in runtime behavior that cannot be
473easily detected at runtime by checking of the normal exported symbols.
474Note that it is almost always wrong to verify
475.Dv __FreeBSD_version
476in userspace to detect features, either at compile or at run time,
477because either kernel, or libc, or environment variables could not
478match the running
479.Nm .
480.Pp
481To solve the problem,
482.Nm
483exports some feature indicators in the
484.Fx
485private symbols namespace
486.Dv FBSDprivate_1.0 .
487Symbols start with the
488.Dv _rtld_version
489prefix.
490Current list of defined symbols and corresponding features is:
491.Bl -tag -width indent
492.It Dv _rtld_version__FreeBSD_version
493Symbol exports the value of the
494.Dv __FreeBSD_version
495definition as it was provided during the
496.Nm
497build.
498The symbol is always present since the
499.Dv _rtld_version
500facility was introduced.
501.It Dv _rtld_version_laddr_offset
502The
503.Va l_addr
504member of the
505.Vt link_map
506structure contains the load offset of the shared object.
507Before that,
508.Va l_addr
509contained the base address of the library.
510See
511.Xr dlinfo 3 .
512.Pp
513Also it indicates the presence of
514.Va l_refname
515member of the structure.
516.It Dv _rtld_version_dlpi_tls_data
517The
518.Va dlpi_tls_data
519member of the structure
520.Vt dl_phdr_info
521contains the address of the module TLS segment for the calling thread,
522and not the address of the initialization segment.
523.El
524.Sh FILES
525.Bl -tag -width ".Pa /var/run/ld-elf32.so.hints" -compact
526.It Pa /var/run/ld-elf.so.hints
527Hints file.
528.It Pa /var/run/ld-elf32.so.hints
529Hints file for 32-bit binaries on 64-bit system.
530.It Pa /etc/libmap.conf
531The libmap configuration file.
532.It Pa /etc/libmap32.conf
533The libmap configuration file for 32-bit binaries on 64-bit system.
534.El
535.Sh SEE ALSO
536.Xr ld 1 ,
537.Xr ldd 1 ,
538.Xr dlinfo 3 ,
539.Xr rtld_get_var 3 ,
540.Xr capsicum 4 ,
541.Xr elf 5 ,
542.Xr libmap.conf 5 ,
543.Xr ldconfig 8
544