xref: /freebsd/libexec/rtld-elf/rtld.1 (revision c7a063741720ef81d4caa4613242579d12f1d605)
1.\" Copyright (c) 1995 Paul Kranenburg
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\"    must display the following acknowledgment:
14.\"      This product includes software developed by Paul Kranenburg.
15.\" 3. The name of the author may not be used to endorse or promote products
16.\"    derived from this software without specific prior written permission
17.\"
18.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28.\"
29.\" $FreeBSD$
30.\"
31.Dd November 10, 2022
32.Dt RTLD 1
33.Os
34.Sh NAME
35.Nm ld-elf.so.1 ,
36.Nm ld.so ,
37.Nm rtld
38.Nd run-time link-editor
39.Sh DESCRIPTION
40The
41.Nm
42utility is a self-contained shared object providing run-time
43support for loading and link-editing shared objects into a process'
44address space.
45It is also commonly known as the dynamic linker.
46It uses the data structures
47contained within dynamically linked programs to determine which shared
48libraries are needed and loads them using the
49.Xr mmap 2
50system call.
51.Pp
52After all shared libraries have been successfully loaded,
53.Nm
54proceeds to resolve external references from both the main program and
55all objects loaded.
56A mechanism is provided for initialization routines
57to be called on a per-object basis, giving a shared object an opportunity
58to perform any extra set-up before execution of the program proper begins.
59This is useful for C++ libraries that contain static constructors.
60.Pp
61When resolving dependencies for the loaded objects,
62.Nm
63translates dynamic token strings in rpath and soname.
64If the
65.Fl "z origin"
66option of the static linker was set when linking the binary,
67the token expansion is performed at the object load time, see
68.Xr ld 1 .
69The following strings are recognized now:
70.Bl -tag -width ".Pa $PLATFORM"
71.It Pa $ORIGIN
72Translated to the full path of the loaded object.
73.It Pa $OSNAME
74Translated to the name of the operating system implementation.
75.It Pa $OSREL
76Translated to the release level of the operating system.
77.It Pa $PLATFORM
78Translated to the machine hardware platform.
79.It Pa $LIB
80Translated to the system library path component on the platform.
81It is
82.Pa lib
83for native binaries, and typically
84.Pa lib32
85for compat32 binaries.
86Other translations might exist for other ABIs supported on the platform.
87.El
88.Pp
89The
90.Nm
91utility itself is loaded by the kernel together with any dynamically-linked
92program that is to be executed.
93The kernel transfers control to the
94dynamic linker.
95After the dynamic linker has finished loading,
96relocating, and initializing the program and its required shared
97objects, it transfers control to the entry point of the program.
98The following search order is used to locate required shared objects:
99.Pp
100.Bl -enum -offset indent -compact
101.It
102.Dv DT_RPATH
103of the referencing object unless that object also contains a
104.Dv DT_RUNPATH
105tag
106.It
107.Dv DT_RPATH
108of the program unless the referencing object contains a
109.Dv DT_RUNPATH
110tag
111.It
112Path indicated by
113.Ev LD_LIBRARY_PATH
114environment variable
115.It
116.Dv DT_RUNPATH
117of the referencing object
118.It
119Hints file produced by the
120.Xr ldconfig 8
121utility
122.It
123The
124.Pa /lib
125and
126.Pa /usr/lib
127directories, unless the referencing object was linked using the
128.Dq Fl z Ar nodefaultlib
129option
130.El
131.Pp
132The
133.Nm
134utility
135recognizes a number of environment variables that can be used to modify
136its behaviour.
137On 64-bit architectures, the linker for 32-bit objects recognizes
138all the environment variables listed below, but is being prefixed with
139.Ev LD_32_ ,
140for example:
141.Ev LD_32_TRACE_LOADED_OBJECTS .
142If the activated image is setuid or setgid, the variables are ignored.
143.Bl -tag -width ".Ev LD_LIBMAP_DISABLE"
144.It Ev LD_DUMP_REL_POST
145If set,
146.Nm
147will print a table containing all relocations after symbol
148binding and relocation.
149.It Ev LD_DUMP_REL_PRE
150If set,
151.Nm
152will print a table containing all relocations before symbol
153binding and relocation.
154.It Ev LD_DYNAMIC_WEAK
155If set, use the ELF standard-compliant symbol lookup behavior:
156resolve to the first found symbol definition.
157.Pp
158By default,
159.Fx
160provides the non-standard symbol lookup behavior:
161when a weak symbol definition is found, remember the definition and
162keep searching in the remaining shared objects for a non-weak definition.
163If found, the non-weak definition is preferred, otherwise the remembered
164weak definition is returned.
165.Pp
166Symbols exported by dynamic linker itself (see
167.Xr dlfcn 3 )
168are always resolved using
169.Fx
170rules regardless of the presence of the variable.
171This variable is unset for set-user-ID and set-group-ID programs.
172.It Ev LD_LIBMAP
173A library replacement list in the same format as
174.Xr libmap.conf 5 .
175For convenience, the characters
176.Ql =
177and
178.Ql \&,
179can be used instead of a space and a newline.
180This variable is parsed after
181.Xr libmap.conf 5 ,
182and will override its entries.
183This variable is unset for set-user-ID and set-group-ID programs.
184.It Ev LD_LIBMAP_DISABLE
185If set, disables the use of
186.Xr libmap.conf 5
187and
188.Ev LD_LIBMAP .
189This variable is unset for set-user-ID and set-group-ID programs.
190.It Ev LD_ELF_HINTS_PATH
191This variable will override the default location of
192.Dq hints
193file.
194This variable is unset for set-user-ID and set-group-ID programs.
195.It Ev LD_LIBRARY_PATH
196A colon separated list of directories, overriding the default search path
197for shared libraries.
198This variable is unset for set-user-ID and set-group-ID programs.
199.It Ev LD_LIBRARY_PATH_RPATH
200If the variable is specified and has a value starting with
201any of \'y\', \'Y\' or \'1\' symbols, the path specified by
202.Ev LD_LIBRARY_PATH
203variable is allowed to override the path from
204.Dv DT_RPATH
205for binaries which does not contain
206.Dv DT_RUNPATH
207tag.
208For such binaries, when the variable
209.Ev LD_LIBRARY_PATH_RPATH
210is set,
211.Dq Fl z Ar nodefaultlib
212link-time option is ignored as well.
213.It Ev LD_PRELOAD
214A list of shared libraries, separated by colons and/or white space,
215to be linked in before any
216other shared libraries.
217If the directory is not specified then
218the directories specified by
219.Ev LD_LIBRARY_PATH
220will be searched first
221followed by the set of built-in standard directories.
222This variable is unset for set-user-ID and set-group-ID programs.
223.It Ev LD_PRELOAD_FDS
224A colon separated list of file descriptor numbers for libraries.
225This is intended for preloading libraries in which we already have a file
226descriptor.
227This may optimize the process of loading libraries because we do not have to
228look for them in directories.
229It may also be useful in a capability base system where we do not have access to
230global namespaces such as the filesystem.
231.It Ev LD_LIBRARY_PATH_FDS
232A colon separated list of file descriptor numbers for library directories.
233This is intended for use within
234.Xr capsicum 4
235sandboxes, when global namespaces such as the filesystem are unavailable.
236It is consulted just after LD_LIBRARY_PATH.
237This variable is unset for set-user-ID and set-group-ID programs.
238.It Ev LD_BIND_NOT
239When set to a nonempty string, prevents modifications of the PLT slots when
240doing bindings.
241As result, each call of the PLT-resolved function is resolved.
242In combination with debug output, this provides complete account of
243all bind actions at runtime.
244This variable is unset for set-user-ID and set-group-ID programs.
245.It Ev LD_BIND_NOW
246When set to a nonempty string, causes
247.Nm
248to relocate all external function calls before starting execution of the
249program.
250Normally, function calls are bound lazily, at the first call
251of each function.
252.Ev LD_BIND_NOW
253increases the start-up time of a program, but it avoids run-time
254surprises caused by unexpectedly undefined functions.
255.It Ev LD_TRACE_LOADED_OBJECTS
256When set to a nonempty string, causes
257.Nm
258to exit after loading the shared objects and printing a summary which includes
259the absolute pathnames of all objects, to standard output.
260.It Ev LD_TRACE_LOADED_OBJECTS_ALL
261When set to a nonempty string, causes
262.Nm
263to expand the summary to indicate which objects caused each object to
264be loaded.
265.It Ev LD_TRACE_LOADED_OBJECTS_FMT1
266.It Ev LD_TRACE_LOADED_OBJECTS_FMT2
267When set, these variables are interpreted as format strings a la
268.Xr printf 3
269to customize the trace output and are used by
270.Xr ldd 1 Ns 's
271.Fl f
272option and allows
273.Xr ldd 1
274to be operated as a filter more conveniently.
275If the dependency name starts with string
276.Pa lib ,
277.Ev LD_TRACE_LOADED_OBJECTS_FMT1
278is used, otherwise
279.Ev LD_TRACE_LOADED_OBJECTS_FMT2
280is used.
281The following conversions can be used:
282.Bl -tag -width 4n
283.It Li %a
284The main program's name
285(also known as
286.Dq __progname ) .
287.It Li \&%A
288The value of the environment variable
289.Ev LD_TRACE_LOADED_OBJECTS_PROGNAME .
290Typically used to print both the names of programs and shared libraries
291being inspected using
292.Xr ldd 1 .
293.It Li %o
294The library name.
295.It Li %p
296The full pathname as determined by
297.Nm rtld Ns 's
298library search rules.
299.It Li %x
300The library's load address.
301.El
302.Pp
303Additionally,
304.Ql \en
305and
306.Ql \et
307are recognized and have their usual meaning.
308.It Ev LD_UTRACE
309If set,
310.Nm
311will log events such as the loading and unloading of shared objects via
312.Xr utrace 2 .
313.It Ev LD_LOADFLTR
314If set,
315.Nm
316will process the filtee dependencies of the loaded objects immediately,
317instead of postponing it until required.
318Normally, the filtees are opened at the time of the first symbol resolution
319from the filter object.
320.It Ev LD_SHOW_AUXV
321If set, causes
322.Nm
323to dump content of the aux vector to standard output, before passing
324control to any user code.
325.El
326.Sh DIRECT EXECUTION MODE
327.Nm
328is typically used implicitly, loaded by the kernel as requested by the
329.Dv PT_INTERP
330program header of the executed binary.
331.Fx
332also supports a direct execution mode for the dynamic linker.
333In this mode, the user explicitly executes
334.Nm
335and provides the path of the program to be linked and executed as
336an argument.
337This mode allows use of a non-standard dynamic linker for a program
338activation without changing the binary or without changing
339the installed dynamic linker.
340Execution options may be specified.
341.Pp
342The syntax of the direct invocation is
343.Bd -ragged -offset indent
344.Pa /libexec/ld-elf.so.1
345.Op Fl b Ar exe
346.Op Fl d
347.Op Fl f Ar fd
348.Op Fl p
349.Op Fl u
350.Op Fl v
351.Op Fl -
352.Pa image_path
353.Op Ar image arguments
354.Ed
355.Pp
356The options are:
357.Bl -tag -width indent
358.It Fl b Ar exe
359Use the executable
360.Fa exe
361instead of
362.Fa image_path
363for activation.
364If this option is specified,
365.Ar image_path
366is only used to provide the
367.Va argv[0]
368value to the program.
369.It Fl d
370Turn off the emulation of the binary execute permission.
371.It Fl f Ar fd
372File descriptor
373.Ar fd
374references the binary to be activated by
375.Nm .
376It must already be opened in the process when executing
377.Nm .
378If this option is specified,
379.Ar image_path
380is only used to provide the
381.Va argv[0]
382value to the program.
383.It Fl p
384If the
385.Pa image_path
386argument specifies a name which does not contain a slash
387.Dq Li /
388character,
389.Nm
390uses the search path provided by the environment variable
391.Dv PATH
392to find the binary to execute.
393.It Fl u
394Ignore all
395.Ev LD_
396environment variables that otherwise affect the dynamic
397linker behavior.
398.It Fl v
399Display information about this run-time linker binary, then exit.
400.It Fl -
401Ends the
402.Nm
403options.
404The argument following
405.Fl -
406is interpreted as the path of the binary to execute.
407.El
408.Pp
409In the direct execution mode,
410.Nm
411emulates verification of the binary execute permission for the
412current user.
413This is done to avoid breaking user expectations in naively restricted
414execution environments.
415The verification only uses Unix
416.Dv DACs ,
417ignores
418.Dv ACLs ,
419and is naturally prone to race conditions.
420Environments which rely on such restrictions are weak
421and breakable on their own.
422It can be turned off with the
423.Fl d
424option.
425.Sh VERSIONING
426Newer
427.Nm
428might provide some features or changes in runtime behavior that cannot be
429easily detected at runtime by checking of the normal exported symbols.
430Note that it is almost always wrong to verify
431.Dv __FreeBSD_version
432in userspace to detect features, either at compile or at run time,
433because either kernel, or libc, or environment variables could not
434match the running
435.Nm .
436.Pp
437To solve the problem,
438.Nm
439exports some feature indicators in the
440.Fx
441private symbols namespace
442.Dv FBSDprivate_1.0 .
443Symbols start with the
444.Dv _rtld_version
445prefix.
446Current list of defined symbols and corresponding features is:
447.Bl -tag -width indent
448.It Dv _rtld_version__FreeBSD_version
449Symbol exports the value of the
450.Dv __FreeBSD_version
451definition as it was provided during the
452.Nm
453build.
454The symbol is always present since the
455.Dv _rtld_version
456facility was introduced.
457.It Dv _rtld_version_laddr_offset
458The
459.Va l_addr
460member of the
461.Vt link_map
462structure contains the load offset of the shared object.
463Before that,
464.Va l_addr
465contained the base address of the library.
466See
467.Xr dlinfo 3 .
468.Pp
469Also it indicates the presence of
470.Va l_refname
471member of the structure.
472.It Dv _rtld_version_dlpi_tls_data
473The
474.Va dlpi_tls_data
475member of the structure
476.Vt dl_phdr_info
477contains the address of the module TLS segment for the calling thread,
478and not the address of the initialization segment.
479.El
480.Sh FILES
481.Bl -tag -width ".Pa /var/run/ld-elf32.so.hints" -compact
482.It Pa /var/run/ld-elf.so.hints
483Hints file.
484.It Pa /var/run/ld-elf32.so.hints
485Hints file for 32-bit binaries on 64-bit system.
486.It Pa /etc/libmap.conf
487The libmap configuration file.
488.It Pa /etc/libmap32.conf
489The libmap configuration file for 32-bit binaries on 64-bit system.
490.El
491.Sh SEE ALSO
492.Xr ld 1 ,
493.Xr ldd 1 ,
494.Xr dlinfo 3 ,
495.Xr capsicum 4 ,
496.Xr elf 5 ,
497.Xr libmap.conf 5 ,
498.Xr ldconfig 8
499