1.\" Copyright (c) 1995 Paul Kranenburg 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgment: 14.\" This product includes software developed by Paul Kranenburg. 15.\" 3. The name of the author may not be used to endorse or promote products 16.\" derived from this software without specific prior written permission 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 19.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 20.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 21.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 22.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 23.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28.\" 29.Dd November 10, 2022 30.Dt RTLD 1 31.Os 32.Sh NAME 33.Nm ld-elf.so.1 , 34.Nm ld.so , 35.Nm rtld 36.Nd run-time link-editor 37.Sh DESCRIPTION 38The 39.Nm 40utility is a self-contained shared object providing run-time 41support for loading and link-editing shared objects into a process' 42address space. 43It is also commonly known as the dynamic linker. 44It uses the data structures 45contained within dynamically linked programs to determine which shared 46libraries are needed and loads them using the 47.Xr mmap 2 48system call. 49.Pp 50After all shared libraries have been successfully loaded, 51.Nm 52proceeds to resolve external references from both the main program and 53all objects loaded. 54A mechanism is provided for initialization routines 55to be called on a per-object basis, giving a shared object an opportunity 56to perform any extra set-up before execution of the program proper begins. 57This is useful for C++ libraries that contain static constructors. 58.Pp 59When resolving dependencies for the loaded objects, 60.Nm 61translates dynamic token strings in rpath and soname. 62If the 63.Fl "z origin" 64option of the static linker was set when linking the binary, 65the token expansion is performed at the object load time, see 66.Xr ld 1 . 67The following strings are recognized now: 68.Bl -tag -width ".Pa $PLATFORM" 69.It Pa $ORIGIN 70Translated to the full path of the loaded object. 71.It Pa $OSNAME 72Translated to the name of the operating system implementation. 73.It Pa $OSREL 74Translated to the release level of the operating system. 75.It Pa $PLATFORM 76Translated to the machine hardware platform. 77.It Pa $LIB 78Translated to the system library path component on the platform. 79It is 80.Pa lib 81for native binaries, and typically 82.Pa lib32 83for compat32 binaries. 84Other translations might exist for other ABIs supported on the platform. 85.El 86.Pp 87The 88.Nm 89utility itself is loaded by the kernel together with any dynamically-linked 90program that is to be executed. 91The kernel transfers control to the 92dynamic linker. 93After the dynamic linker has finished loading, 94relocating, and initializing the program and its required shared 95objects, it transfers control to the entry point of the program. 96The following search order is used to locate required shared objects: 97.Pp 98.Bl -enum -offset indent -compact 99.It 100.Dv DT_RPATH 101of the referencing object unless that object also contains a 102.Dv DT_RUNPATH 103tag 104.It 105.Dv DT_RPATH 106of the program unless the referencing object contains a 107.Dv DT_RUNPATH 108tag 109.It 110Path indicated by 111.Ev LD_LIBRARY_PATH 112environment variable 113.It 114.Dv DT_RUNPATH 115of the referencing object 116.It 117Hints file produced by the 118.Xr ldconfig 8 119utility 120.It 121The 122.Pa /lib 123and 124.Pa /usr/lib 125directories, unless the referencing object was linked using the 126.Dq Fl z Ar nodefaultlib 127option 128.El 129.Pp 130The 131.Nm 132utility 133recognizes a number of environment variables that can be used to modify 134its behaviour. 135On 64-bit architectures, the linker for 32-bit objects recognizes 136all the environment variables listed below, but is being prefixed with 137.Ev LD_32_ , 138for example: 139.Ev LD_32_TRACE_LOADED_OBJECTS . 140If the activated image is setuid or setgid, the variables are ignored. 141.Bl -tag -width ".Ev LD_LIBMAP_DISABLE" 142.It Ev LD_DUMP_REL_POST 143If set, 144.Nm 145will print a table containing all relocations after symbol 146binding and relocation. 147.It Ev LD_DUMP_REL_PRE 148If set, 149.Nm 150will print a table containing all relocations before symbol 151binding and relocation. 152.It Ev LD_DYNAMIC_WEAK 153If set, use the ELF standard-compliant symbol lookup behavior: 154resolve to the first found symbol definition. 155.Pp 156By default, 157.Fx 158provides the non-standard symbol lookup behavior: 159when a weak symbol definition is found, remember the definition and 160keep searching in the remaining shared objects for a non-weak definition. 161If found, the non-weak definition is preferred, otherwise the remembered 162weak definition is returned. 163.Pp 164Symbols exported by dynamic linker itself (see 165.Xr dlfcn 3 ) 166are always resolved using 167.Fx 168rules regardless of the presence of the variable. 169This variable is unset for set-user-ID and set-group-ID programs. 170.It Ev LD_LIBMAP 171A library replacement list in the same format as 172.Xr libmap.conf 5 . 173For convenience, the characters 174.Ql = 175and 176.Ql \&, 177can be used instead of a space and a newline. 178This variable is parsed after 179.Xr libmap.conf 5 , 180and will override its entries. 181This variable is unset for set-user-ID and set-group-ID programs. 182.It Ev LD_LIBMAP_DISABLE 183If set, disables the use of 184.Xr libmap.conf 5 185and 186.Ev LD_LIBMAP . 187This variable is unset for set-user-ID and set-group-ID programs. 188.It Ev LD_ELF_HINTS_PATH 189This variable will override the default location of 190.Dq hints 191file. 192This variable is unset for set-user-ID and set-group-ID programs. 193.It Ev LD_LIBRARY_PATH 194A colon separated list of directories, overriding the default search path 195for shared libraries. 196This variable is unset for set-user-ID and set-group-ID programs. 197.It Ev LD_LIBRARY_PATH_RPATH 198If the variable is specified and has a value starting with 199any of \'y\', \'Y\' or \'1\' symbols, the path specified by 200.Ev LD_LIBRARY_PATH 201variable is allowed to override the path from 202.Dv DT_RPATH 203for binaries which does not contain 204.Dv DT_RUNPATH 205tag. 206For such binaries, when the variable 207.Ev LD_LIBRARY_PATH_RPATH 208is set, 209.Dq Fl z Ar nodefaultlib 210link-time option is ignored as well. 211.It Ev LD_PRELOAD 212A list of shared libraries, separated by colons and/or white space, 213to be linked in before any 214other shared libraries. 215If the directory is not specified then 216the directories specified by 217.Ev LD_LIBRARY_PATH 218will be searched first 219followed by the set of built-in standard directories. 220This variable is unset for set-user-ID and set-group-ID programs. 221.It Ev LD_PRELOAD_FDS 222A colon separated list of file descriptor numbers for libraries. 223This is intended for preloading libraries in which we already have a file 224descriptor. 225This may optimize the process of loading libraries because we do not have to 226look for them in directories. 227It may also be useful in a capability base system where we do not have access to 228global namespaces such as the filesystem. 229.It Ev LD_LIBRARY_PATH_FDS 230A colon separated list of file descriptor numbers for library directories. 231This is intended for use within 232.Xr capsicum 4 233sandboxes, when global namespaces such as the filesystem are unavailable. 234It is consulted just after LD_LIBRARY_PATH. 235This variable is unset for set-user-ID and set-group-ID programs. 236.It Ev LD_BIND_NOT 237When set to a nonempty string, prevents modifications of the PLT slots when 238doing bindings. 239As result, each call of the PLT-resolved function is resolved. 240In combination with debug output, this provides complete account of 241all bind actions at runtime. 242This variable is unset for set-user-ID and set-group-ID programs. 243.It Ev LD_BIND_NOW 244When set to a nonempty string, causes 245.Nm 246to relocate all external function calls before starting execution of the 247program. 248Normally, function calls are bound lazily, at the first call 249of each function. 250.Ev LD_BIND_NOW 251increases the start-up time of a program, but it avoids run-time 252surprises caused by unexpectedly undefined functions. 253.It Ev LD_TRACE_LOADED_OBJECTS 254When set to a nonempty string, causes 255.Nm 256to exit after loading the shared objects and printing a summary which includes 257the absolute pathnames of all objects, to standard output. 258.It Ev LD_TRACE_LOADED_OBJECTS_ALL 259When set to a nonempty string, causes 260.Nm 261to expand the summary to indicate which objects caused each object to 262be loaded. 263.It Ev LD_TRACE_LOADED_OBJECTS_FMT1 264.It Ev LD_TRACE_LOADED_OBJECTS_FMT2 265When set, these variables are interpreted as format strings a la 266.Xr printf 3 267to customize the trace output and are used by 268.Xr ldd 1 Ns 's 269.Fl f 270option and allows 271.Xr ldd 1 272to be operated as a filter more conveniently. 273If the dependency name starts with string 274.Pa lib , 275.Ev LD_TRACE_LOADED_OBJECTS_FMT1 276is used, otherwise 277.Ev LD_TRACE_LOADED_OBJECTS_FMT2 278is used. 279The following conversions can be used: 280.Bl -tag -width 4n 281.It Li %a 282The main program's name 283(also known as 284.Dq __progname ) . 285.It Li \&%A 286The value of the environment variable 287.Ev LD_TRACE_LOADED_OBJECTS_PROGNAME . 288Typically used to print both the names of programs and shared libraries 289being inspected using 290.Xr ldd 1 . 291.It Li %o 292The library name. 293.It Li %p 294The full pathname as determined by 295.Nm rtld Ns 's 296library search rules. 297.It Li %x 298The library's load address. 299.El 300.Pp 301Additionally, 302.Ql \en 303and 304.Ql \et 305are recognized and have their usual meaning. 306.It Ev LD_UTRACE 307If set, 308.Nm 309will log events such as the loading and unloading of shared objects via 310.Xr utrace 2 . 311.It Ev LD_LOADFLTR 312If set, 313.Nm 314will process the filtee dependencies of the loaded objects immediately, 315instead of postponing it until required. 316Normally, the filtees are opened at the time of the first symbol resolution 317from the filter object. 318.It Ev LD_SHOW_AUXV 319If set, causes 320.Nm 321to dump content of the aux vector to standard output, before passing 322control to any user code. 323.El 324.Sh DIRECT EXECUTION MODE 325.Nm 326is typically used implicitly, loaded by the kernel as requested by the 327.Dv PT_INTERP 328program header of the executed binary. 329.Fx 330also supports a direct execution mode for the dynamic linker. 331In this mode, the user explicitly executes 332.Nm 333and provides the path of the program to be linked and executed as 334an argument. 335This mode allows use of a non-standard dynamic linker for a program 336activation without changing the binary or without changing 337the installed dynamic linker. 338Execution options may be specified. 339.Pp 340The syntax of the direct invocation is 341.Bd -ragged -offset indent 342.Pa /libexec/ld-elf.so.1 343.Op Fl b Ar exe 344.Op Fl d 345.Op Fl f Ar fd 346.Op Fl p 347.Op Fl u 348.Op Fl v 349.Op Fl - 350.Pa image_path 351.Op Ar image arguments 352.Ed 353.Pp 354The options are: 355.Bl -tag -width indent 356.It Fl b Ar exe 357Use the executable 358.Fa exe 359instead of 360.Fa image_path 361for activation. 362If this option is specified, 363.Ar image_path 364is only used to provide the 365.Va argv[0] 366value to the program. 367.It Fl d 368Turn off the emulation of the binary execute permission. 369.It Fl f Ar fd 370File descriptor 371.Ar fd 372references the binary to be activated by 373.Nm . 374It must already be opened in the process when executing 375.Nm . 376If this option is specified, 377.Ar image_path 378is only used to provide the 379.Va argv[0] 380value to the program. 381.It Fl p 382If the 383.Pa image_path 384argument specifies a name which does not contain a slash 385.Dq Li / 386character, 387.Nm 388uses the search path provided by the environment variable 389.Dv PATH 390to find the binary to execute. 391.It Fl u 392Ignore all 393.Ev LD_ 394environment variables that otherwise affect the dynamic 395linker behavior. 396.It Fl v 397Display information about this run-time linker binary, then exit. 398.It Fl - 399Ends the 400.Nm 401options. 402The argument following 403.Fl - 404is interpreted as the path of the binary to execute. 405.El 406.Pp 407In the direct execution mode, 408.Nm 409emulates verification of the binary execute permission for the 410current user. 411This is done to avoid breaking user expectations in naively restricted 412execution environments. 413The verification only uses Unix 414.Dv DACs , 415ignores 416.Dv ACLs , 417and is naturally prone to race conditions. 418Environments which rely on such restrictions are weak 419and breakable on their own. 420It can be turned off with the 421.Fl d 422option. 423.Sh VERSIONING 424Newer 425.Nm 426might provide some features or changes in runtime behavior that cannot be 427easily detected at runtime by checking of the normal exported symbols. 428Note that it is almost always wrong to verify 429.Dv __FreeBSD_version 430in userspace to detect features, either at compile or at run time, 431because either kernel, or libc, or environment variables could not 432match the running 433.Nm . 434.Pp 435To solve the problem, 436.Nm 437exports some feature indicators in the 438.Fx 439private symbols namespace 440.Dv FBSDprivate_1.0 . 441Symbols start with the 442.Dv _rtld_version 443prefix. 444Current list of defined symbols and corresponding features is: 445.Bl -tag -width indent 446.It Dv _rtld_version__FreeBSD_version 447Symbol exports the value of the 448.Dv __FreeBSD_version 449definition as it was provided during the 450.Nm 451build. 452The symbol is always present since the 453.Dv _rtld_version 454facility was introduced. 455.It Dv _rtld_version_laddr_offset 456The 457.Va l_addr 458member of the 459.Vt link_map 460structure contains the load offset of the shared object. 461Before that, 462.Va l_addr 463contained the base address of the library. 464See 465.Xr dlinfo 3 . 466.Pp 467Also it indicates the presence of 468.Va l_refname 469member of the structure. 470.It Dv _rtld_version_dlpi_tls_data 471The 472.Va dlpi_tls_data 473member of the structure 474.Vt dl_phdr_info 475contains the address of the module TLS segment for the calling thread, 476and not the address of the initialization segment. 477.El 478.Sh FILES 479.Bl -tag -width ".Pa /var/run/ld-elf32.so.hints" -compact 480.It Pa /var/run/ld-elf.so.hints 481Hints file. 482.It Pa /var/run/ld-elf32.so.hints 483Hints file for 32-bit binaries on 64-bit system. 484.It Pa /etc/libmap.conf 485The libmap configuration file. 486.It Pa /etc/libmap32.conf 487The libmap configuration file for 32-bit binaries on 64-bit system. 488.El 489.Sh SEE ALSO 490.Xr ld 1 , 491.Xr ldd 1 , 492.Xr dlinfo 3 , 493.Xr capsicum 4 , 494.Xr elf 5 , 495.Xr libmap.conf 5 , 496.Xr ldconfig 8 497