Date: Thu, 1 Jun 2017 00:48:59 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r319366 - stable/11/libexec/rtld-elf Message-ID: <201706010048.v510mxak033936@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Thu Jun 1 00:48:59 2017 New Revision: 319366 URL: https://svnweb.freebsd.org/changeset/base/319366 Log: MFC r319138: Document direct execution mode for rtld. Modified: stable/11/libexec/rtld-elf/rtld.1 Directory Properties: stable/11/ (props changed) Modified: stable/11/libexec/rtld-elf/rtld.1 ============================================================================== --- stable/11/libexec/rtld-elf/rtld.1 Thu Jun 1 00:01:19 2017 (r319365) +++ stable/11/libexec/rtld-elf/rtld.1 Thu Jun 1 00:48:59 2017 (r319366) @@ -282,6 +282,77 @@ instead of postponing it until required. Normally, the filtees are opened at the time of the first symbol resolution from the filter object. .El +.Sh DIRECT EXECUTION MODE +.Nm +is typically used implicitly, loaded by the kernel as requested by the +.Dv PT_INTERP +program header of the executed binary. +.Fx +also supports a direct execution mode for the dynamic linker. +In this mode, the user explicitly executes +.Nm +and provides the path of the program to be linked and executed as +an argument. +This mode allows use of a non-standard dynamic linker for a program +activation without changing the binary or without changing +the installed dynamic linker. +Execution options may be specified. +.Pp +The syntax of the direct invocation is +.Bd -ragged -offset indent +.Pa /libexec/ld-elf.so.1 +.Op Fl f Ar fd +.Op Fl p +.Op Fl - +.Pa image_path +.Op Ar image arguments +.Ed +.Pp +The options are as follows: +.Bl -tag -width indent +.It Fl f Ar fd +File descriptor +.Ar fd +references the binary to be activated by +.Nm . +It must already be opened in the process when executing +.Nm . +If this option is specified, +.Ar image_path +is only used to provide the +.Va argv[0] +value to the program. +.It Fl p +If the +.Pa image_path +argument specifies a name which does not contain a slash +.Dq Li / +character, +.Nm +uses the search path provided by the environment variable +.Dv PATH +to find the binary to execute. +.It Fl - +Ends the +.Nm +options. +The argument following +.Fl - +is interpreted as the path of binary to execute. +.El +.Pp +To conform to user expectation to not break some naively restricted +execution environments, in the direct execution mode +.Nm +emulates verification of the binary execute permission +for current user. +The verification only uses Unix +.Dv DACs , +ignores +.Dv ACLs +and is racy by its nature. +The environments which rely on such restrictions are weak +and breakable on its own. .Sh FILES .Bl -tag -width ".Pa /var/run/ld-elf32.so.hints" -compact .It Pa /var/run/ld-elf.so.hints
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201706010048.v510mxak033936>