Hi!
On Fri, Dec 19, 2008 at 04:20:31PM -0500, Michael Kerrisk wrote:
> On Sun, Dec 7, 2008 at 1:28 PM, Petr Baudis <pasky@xxxxxxx> wrote:
> > +.TP
> > +.B LD_AUDIT
> > +(glibc since 2.4)
> > +A colon-separated list of additional,
>
> Why the word "additional" here?
Copy'n'paste oversight, sorry.
> > user-specified, ELF shared libraries
>
> The word "libraries" is interesting. The glibc sources imply that
> multiple auditing libraries is supported, but a brief play with this
> led to crashes for me. (That could easily be because I'm doing things
> wrong.) Did you try this, or see an example anywhere?
I have not tested this, just assumed from the code. Maybe 'shared
objects' would be more appropriate, too?
> --- a/man8/ld.so.8
> +++ b/man8/ld.so.8
> @@ -177,13 +177,47 @@ Version of
> for a.out binaries only.
> Old versions of ld\-linux.so.1 also supported
> .BR LD_ELF_PRELOAD .
> -.\" FIXME
> -.\" Document LD_AUDIT ("Install audit libraries for glibc")
> -.\" new in glibc 2.4
> -.\" ignored in set-user-ID and set-group-ID programs
> -.\"
> -.\" For some info, see Solaris Linker and Libraries Guide,
> -.\" "Runtime Linker Auditing Interface"
> +.TP
> +.B LD_AUDIT
> +(glibc since 2.4)
> +A colon-separated list of user-specified, ELF shared libraries
> +to be loaded before all others in a separate linker namespace
> +(i.e., one that does not intrude upon the normal symbol bindings that
> +would occur in the process).
> +These libraries can be used to audit the operation of the dynamic linker.
> +.B LD_AUDIT
> +is ignored for set-user-ID/set-group-ID binaries.
> +
> +The dynamic linker will notify the audit
> +libraries at so-called auditing checkpoints\(emfor example,
> +loading a new library, resolving a symbol,
> +or calling a symbol from another shared object\(emby
> +calling an appropriate function within the audit library.
> +The following functions may be supplied in the audit library:
> +.IR la_version (),
> +.IR la_activity (),
> +.IR la_objsearch (),
> +.IR la_objopen (),
> +.IR la_preinit (),
> +.IR la_symbind32 (),
> +.IR la_symbind64 (),
> +.IR la_objclose (),
> +.IR la_<platform>_pltenter ()
> +(e.g.,
> +.IR la_i86_gnu_pltenter ()),
> +and
> +.IR la_<platform>_pltexit ()
> +(e.g.,
> +.IR la_i86_gnu_pltexit ()).
> +These functions are prototyped in
> +.IR <link.h>
> +and
> +.IR <bits/link.h> .
> +The auditing interface is largely compatible with that provided on Solaris,
> +as described in its
> +.IR "Linker and Libraries Guide" ,
> +in the chapter
> +.IR "Runtime Linker Auditing Interface" .
> .TP
> .B LD_BIND_NOT
> (glibc since 2.1.95)
Acked-by: Petr Baudis <pasky@xxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
