xref: /freebsd/libexec/rtld-elf/rtld.1 (revision dba7640e44c5ec148a84b0d58c6c9a3c9e5147f3)
1.\" Copyright (c) 1995 Paul Kranenburg
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\"    must display the following acknowledgment:
14.\"      This product includes software developed by Paul Kranenburg.
15.\" 3. The name of the author may not be used to endorse or promote products
16.\"    derived from this software without specific prior written permission
17.\"
18.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28.\"
29.\" $FreeBSD$
30.\"
31.Dd June 1, 2020
32.Dt RTLD 1
33.Os
34.Sh NAME
35.Nm ld-elf.so.1 ,
36.Nm ld.so ,
37.Nm rtld
38.Nd run-time link-editor
39.Sh DESCRIPTION
40The
41.Nm
42utility is a self-contained shared object providing run-time
43support for loading and link-editing shared objects into a process'
44address space.
45It is also commonly known as the dynamic linker.
46It uses the data structures
47contained within dynamically linked programs to determine which shared
48libraries are needed and loads them using the
49.Xr mmap 2
50system call.
51.Pp
52After all shared libraries have been successfully loaded,
53.Nm
54proceeds to resolve external references from both the main program and
55all objects loaded.
56A mechanism is provided for initialization routines
57to be called on a per-object basis, giving a shared object an opportunity
58to perform any extra set-up before execution of the program proper begins.
59This is useful for C++ libraries that contain static constructors.
60.Pp
61When resolving dependencies for the loaded objects,
62.Nm
63translates dynamic token strings in rpath and soname.
64If the
65.Fl "z origin"
66option of the static linker was set when linking the binary,
67the token expansion is performed at the object load time, see
68.Xr ld 1 .
69The following strings are recognized now:
70.Bl -tag -width ".Pa $PLATFORM"
71.It Pa $ORIGIN
72Translated to the full path of the loaded object.
73.It Pa $OSNAME
74Translated to the name of the operating system implementation.
75.It Pa $OSREL
76Translated to the release level of the operating system.
77.It Pa $PLATFORM
78Translated to the machine hardware platform.
79.El
80.Pp
81The
82.Nm
83utility itself is loaded by the kernel together with any dynamically-linked
84program that is to be executed.
85The kernel transfers control to the
86dynamic linker.
87After the dynamic linker has finished loading,
88relocating, and initializing the program and its required shared
89objects, it transfers control to the entry point of the program.
90The following search order is used to locate required shared objects:
91.Pp
92.Bl -enum -offset indent -compact
93.It
94.Dv DT_RPATH
95of the referencing object unless that object also contains a
96.Dv DT_RUNPATH
97tag
98.It
99.Dv DT_RPATH
100of the program unless the referencing object contains a
101.Dv DT_RUNPATH
102tag
103.It
104Path indicated by
105.Ev LD_LIBRARY_PATH
106environment variable
107.It
108.Dv DT_RUNPATH
109of the referencing object
110.It
111Hints file produced by the
112.Xr ldconfig 8
113utility
114.It
115The
116.Pa /lib
117and
118.Pa /usr/lib
119directories, unless the referencing object was linked using the
120.Dq Fl z Ar nodefaultlib
121option
122.El
123.Pp
124The
125.Nm
126utility
127recognizes a number of environment variables that can be used to modify
128its behaviour.
129On 64-bit architectures, the linker for 32-bit objects recognizes
130all the environment variables listed below, but is being prefixed with
131.Ev LD_32_ ,
132for example:
133.Ev LD_32_TRACE_LOADED_OBJECTS .
134.Bl -tag -width ".Ev LD_LIBMAP_DISABLE"
135.It Ev LD_DUMP_REL_POST
136If set,
137.Nm
138will print a table containing all relocations after symbol
139binding and relocation.
140.It Ev LD_DUMP_REL_PRE
141If set,
142.Nm
143will print a table containing all relocations before symbol
144binding and relocation.
145.It Ev LD_LIBMAP
146A library replacement list in the same format as
147.Xr libmap.conf 5 .
148For convenience, the characters
149.Ql =
150and
151.Ql \&,
152can be used instead of a space and a newline.
153This variable is parsed after
154.Xr libmap.conf 5 ,
155and will override its entries.
156This variable is unset for set-user-ID and set-group-ID programs.
157.It Ev LD_LIBMAP_DISABLE
158If set, disables the use of
159.Xr libmap.conf 5
160and
161.Ev LD_LIBMAP .
162This variable is unset for set-user-ID and set-group-ID programs.
163.It Ev LD_ELF_HINTS_PATH
164This variable will override the default location of
165.Dq hints
166file.
167This variable is unset for set-user-ID and set-group-ID programs.
168.It Ev LD_LIBRARY_PATH
169A colon separated list of directories, overriding the default search path
170for shared libraries.
171This variable is unset for set-user-ID and set-group-ID programs.
172.It Ev LD_LIBRARY_PATH_RPATH
173If the variable is specified and has a value starting with
174any of \'y\', \'Y\' or \'1\' symbols, the path specified by
175.Ev LD_LIBRARY_PATH
176variable is allowed to override the path from
177.Dv DT_RPATH
178for binaries which does not contain
179.Dv DT_RUNPATH
180tag.
181For such binaries, when the variable
182.Ev LD_LIBRARY_PATH_RPATH
183is set,
184.Dq Fl z Ar nodefaultlib
185link-time option is ignored as well.
186.It Ev LD_PRELOAD
187A list of shared libraries, separated by colons and/or white space,
188to be linked in before any
189other shared libraries.
190If the directory is not specified then
191the directories specified by
192.Ev LD_LIBRARY_PATH
193will be searched first
194followed by the set of built-in standard directories.
195This variable is unset for set-user-ID and set-group-ID programs.
196.It Ev LD_LIBRARY_PATH_FDS
197A colon separated list of file descriptor numbers for library directories.
198This is intended for use within
199.Xr capsicum 4
200sandboxes, when global namespaces such as the filesystem are unavailable.
201It is consulted just after LD_LIBRARY_PATH.
202This variable is unset for set-user-ID and set-group-ID programs.
203.It Ev LD_BIND_NOT
204When set to a nonempty string, prevents modifications of the PLT slots when
205doing bindings.
206As result, each call of the PLT-resolved function is resolved.
207In combination with debug output, this provides complete account of
208all bind actions at runtime.
209This variable is unset for set-user-ID and set-group-ID programs.
210.It Ev LD_BIND_NOW
211When set to a nonempty string, causes
212.Nm
213to relocate all external function calls before starting execution of the
214program.
215Normally, function calls are bound lazily, at the first call
216of each function.
217.Ev LD_BIND_NOW
218increases the start-up time of a program, but it avoids run-time
219surprises caused by unexpectedly undefined functions.
220.It Ev LD_TRACE_LOADED_OBJECTS
221When set to a nonempty string, causes
222.Nm
223to exit after loading the shared objects and printing a summary which includes
224the absolute pathnames of all objects, to standard output.
225.It Ev LD_TRACE_LOADED_OBJECTS_ALL
226When set to a nonempty string, causes
227.Nm
228to expand the summary to indicate which objects caused each object to
229be loaded.
230.It Ev LD_TRACE_LOADED_OBJECTS_FMT1
231.It Ev LD_TRACE_LOADED_OBJECTS_FMT2
232When set, these variables are interpreted as format strings a la
233.Xr printf 3
234to customize the trace output and are used by
235.Xr ldd 1 Ns 's
236.Fl f
237option and allows
238.Xr ldd 1
239to be operated as a filter more conveniently.
240If the dependency name starts with string
241.Pa lib ,
242.Ev LD_TRACE_LOADED_OBJECTS_FMT1
243is used, otherwise
244.Ev LD_TRACE_LOADED_OBJECTS_FMT2
245is used.
246The following conversions can be used:
247.Bl -tag -width 4n
248.It Li %a
249The main program's name
250(also known as
251.Dq __progname ) .
252.It Li \&%A
253The value of the environment variable
254.Ev LD_TRACE_LOADED_OBJECTS_PROGNAME .
255Typically used to print both the names of programs and shared libraries
256being inspected using
257.Xr ldd 1 .
258.It Li %o
259The library name.
260.It Li %p
261The full pathname as determined by
262.Nm rtld Ns 's
263library search rules.
264.It Li %x
265The library's load address.
266.El
267.Pp
268Additionally,
269.Ql \en
270and
271.Ql \et
272are recognized and have their usual meaning.
273.It Ev LD_UTRACE
274If set,
275.Nm
276will log events such as the loading and unloading of shared objects via
277.Xr utrace 2 .
278.It Ev LD_LOADFLTR
279If set,
280.Nm
281will process the filtee dependencies of the loaded objects immediately,
282instead of postponing it until required.
283Normally, the filtees are opened at the time of the first symbol resolution
284from the filter object.
285.El
286.Sh DIRECT EXECUTION MODE
287.Nm
288is typically used implicitly, loaded by the kernel as requested by the
289.Dv PT_INTERP
290program header of the executed binary.
291.Fx
292also supports a direct execution mode for the dynamic linker.
293In this mode, the user explicitly executes
294.Nm
295and provides the path of the program to be linked and executed as
296an argument.
297This mode allows use of a non-standard dynamic linker for a program
298activation without changing the binary or without changing
299the installed dynamic linker.
300Execution options may be specified.
301.Pp
302The syntax of the direct invocation is
303.Bd -ragged -offset indent
304.Pa /libexec/ld-elf.so.1
305.Op Fl b Ar exe
306.Op Fl f Ar fd
307.Op Fl p
308.Op Fl -
309.Pa image_path
310.Op Ar image arguments
311.Ed
312.Pp
313The options are:
314.Bl -tag -width indent
315.It Fl b Ar exe
316Use the executable
317.Fa exe
318instead of
319.Fa image_path
320for activation.
321If this option is specified,
322.Ar image_path
323is only used to provide the
324.Va argv[0]
325value to the program.
326.It Fl f Ar fd
327File descriptor
328.Ar fd
329references the binary to be activated by
330.Nm .
331It must already be opened in the process when executing
332.Nm .
333If this option is specified,
334.Ar image_path
335is only used to provide the
336.Va argv[0]
337value to the program.
338.It Fl p
339If the
340.Pa image_path
341argument specifies a name which does not contain a slash
342.Dq Li /
343character,
344.Nm
345uses the search path provided by the environment variable
346.Dv PATH
347to find the binary to execute.
348.It Fl v
349Display information about this run-time linker binary, then exit.
350.It Fl -
351Ends the
352.Nm
353options.
354The argument following
355.Fl -
356is interpreted as the path of the binary to execute.
357.El
358.Pp
359In the direct execution mode,
360.Nm
361emulates verification of the binary execute permission for the
362current user.
363This is done to avoid breaking user expectations in naively restricted
364execution environments.
365The verification only uses Unix
366.Dv DACs ,
367ignores
368.Dv ACLs ,
369and is naturally prone to race conditions.
370Environments which rely on such restrictions are weak
371and breakable on their own.
372.Sh VERSIONING
373Newer
374.Nm
375might provide some features or changes in runtime behavior that cannot be
376easily detected at runtime by checking of the normal exported symbols.
377Note that it is almost always wrong to verify
378.Dv __FreeBSD_version
379in userspace to detect features, either at compile or at run time,
380because either kernel, or libc, or environment variables could not
381match the running
382.Nm .
383.Pp
384To solve the problem,
385.Nm
386exports some feature indicators in the
387.Fx
388private symbols namespace
389.Dv FBSDprivate_1.0 .
390Symbols start with the
391.Dv _rtld_version
392prefix.
393Current list of defined symbols and corresponding features is:
394.Bl -tag -width indent
395.It Dv _rtld_version__FreeBSD_version
396Symbol exports the value of the
397.Dv __FreeBSD_version
398definition as it was provided during the
399.Nm
400build.
401The symbol is always present since the
402.Dv _rtld_version
403facility was introduced.
404.It Dv _rtld_version_laddr_offset
405The
406.Va l_addr
407member of the
408.Vt link_map
409structure contains the load offset of the shared object.
410Before that,
411.Va l_addr
412contained the base address of the library.
413See
414.Xr dlinfo 3 .
415.Pp
416Also it indicates the presence of
417.Va l_refname
418member of the structure.
419.El
420.Sh FILES
421.Bl -tag -width ".Pa /var/run/ld-elf32.so.hints" -compact
422.It Pa /var/run/ld-elf.so.hints
423Hints file.
424.It Pa /var/run/ld-elf32.so.hints
425Hints file for 32-bit binaries on 64-bit system.
426.It Pa /etc/libmap.conf
427The libmap configuration file.
428.It Pa /etc/libmap32.conf
429The libmap configuration file for 32-bit binaries on 64-bit system.
430.El
431.Sh SEE ALSO
432.Xr ld 1 ,
433.Xr ldd 1 ,
434.Xr dlinfo 3 ,
435.Xr capsicum 4 ,
436.Xr elf 5 ,
437.Xr libmap.conf 5 ,
438.Xr ldconfig 8
439