Date:      Thu, 1 Jun 2017 00:48:59 +0000 (UTC)
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r319366 - stable/11/libexec/rtld-elf
Message-ID:  <201706010048.v510mxak033936@repo.freebsd.org>

Author: kib
Date: Thu Jun  1 00:48:59 2017
New Revision: 319366
URL: https://svnweb.freebsd.org/changeset/base/319366

Log:
  MFC r319138:
  Document direct execution mode for rtld.

Modified:
  stable/11/libexec/rtld-elf/rtld.1
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/libexec/rtld-elf/rtld.1
==============================================================================
--- stable/11/libexec/rtld-elf/rtld.1	Thu Jun  1 00:01:19 2017	(r319365)
+++ stable/11/libexec/rtld-elf/rtld.1	Thu Jun  1 00:48:59 2017	(r319366)
@@ -282,6 +282,77 @@ instead of postponing it until required.
 Normally, the filtees are opened at the time of the first symbol resolution
 from the filter object.
 .El
+.Sh DIRECT EXECUTION MODE
+.Nm
+is typically used implicitly, loaded by the kernel as requested by the
+.Dv PT_INTERP
+program header of the executed binary.
+.Fx
+also supports a direct execution mode for the dynamic linker.
+In this mode, the user explicitly executes
+.Nm
+and provides the path of the program to be linked and executed as
+an argument.
+This mode allows use of a non-standard dynamic linker for a program
+activation without changing the binary or without changing
+the installed dynamic linker.
+Execution options may be specified.
+.Pp
+The syntax of the direct invocation is
+.Bd -ragged -offset indent
+.Pa /libexec/ld-elf.so.1
+.Op Fl f Ar fd
+.Op Fl p
+.Op Fl -
+.Pa image_path
+.Op Ar image arguments
+.Ed
+.Pp
+The options are as follows:
+.Bl -tag -width indent
+.It Fl f Ar fd
+File descriptor
+.Ar fd
+references the binary to be activated by
+.Nm .
+It must already be opened in the process when executing
+.Nm .
+If this option is specified,
+.Ar image_path
+is only used to provide the
+.Va argv[0]
+value to the program.
+.It Fl p
+If the
+.Pa image_path
+argument specifies a name which does not contain a slash
+.Dq Li /
+character,
+.Nm
+uses the search path provided by the environment variable
+.Dv PATH
+to find the binary to execute.
+.It Fl -
+Ends the
+.Nm
+options.
+The argument following
+.Fl -
+is interpreted as the path of binary to execute.
+.El
+.Pp
+To conform to user expectation to not break some naively restricted
+execution environments, in the direct execution mode
+.Nm
+emulates verification of the binary execute permission
+for current user.
+The verification only uses Unix
+.Dv DACs ,
+ignores
+.Dv ACLs
+and is racy by its nature.
+The environments which rely on such restrictions are weak
+and breakable on its own.
 .Sh FILES
 .Bl -tag -width ".Pa /var/run/ld-elf32.so.hints" -compact
 .It Pa /var/run/ld-elf.so.hints
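Review bot: The closing paragraph of the new DIRECT EXECUTION MODE section should state outright that the emulated execute-permission check is not a security boundary; "racy by its nature" and "weak and breakable on its own" leave the reader to infer that, and an administrator skimming the page may still treat the check as enforcement. Suggest a sentence saying the check covers only the Unix DAC mode bits for the current user, ignores ACLs, and must not be relied on to prevent execution of a file. Wording in the same paragraph: "To conform to user expectation to not break" reads better as "To conform to user expectations and to avoid breaking", and "breakable on its own" should be "on their own" to agree with "environments". Under the "Fl -" item, "the path of binary to execute" is missing "the". On markup, PATH is an environment variable, so .Ev fits better than .Dv, and DACs and ACLs are acronyms rather than defined constants, so .Dv is not the right macro for them either. The "Fl f Ar fd" item says image_path is only used for argv[0] when the option is given; it would help to say whether image_path is still required on the command line in that case, since the synopsis shows it as mandatory.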


