mirror of https://github.com/mkerrisk/man-pages
ld.so.8: Note some further details of secure-execution mode
Note some further details of the treatment of environment variables in secure execution mode. In particular (as noted by Matthias Hertel), note that ignored environment variables are also stripped from the environment. Furthermore, there are some other variables, not used by the dynamic linker itself, that are also treated in this way (see the glibc source file sysdeps/generic/unsecvars.h).

Reported-by: Matthias Hertel <Matthias.Hertel@rohde-schwarz.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent f3da99c4ee
commit 0e1ad2f01a
26
man8/ld.so.8
|
@ -218,10 +218,28 @@ Various environment variables influence the operation of the dynamic linker.
|
||||||
.\"
|
.\"
|
||||||
.SS Secure-execution mode
|
.SS Secure-execution mode
|
||||||
For security reasons,
|
For security reasons,
|
||||||
the effects of some environment variables are voided or modified if
|
if the dynamic linker determines that a binary should be
|
||||||
the dynamic linker determines that the binary should be
|
run in secure-execution mode,
|
||||||
run in secure-execution mode.
|
the effects of some environment variables are voided or modified,
|
||||||
(For details, see the discussion of individual environment variables below.)
|
and furthermore those environment variables are stripped from the environment,
|
||||||
|
so that the program does not even see the definitions.
|
||||||
|
Some of these environment variables affect the operation of
|
||||||
|
the dynamic linker itself, and are described below.
|
||||||
|
Other environment variables treated in this way include:
|
||||||
|
.BR GCONV_PATH ,
|
||||||
|
.BR GETCONF_DIR ,
|
||||||
|
.BR HOSTALIASES ,
|
||||||
|
.BR LOCALDOMAIN ,
|
||||||
|
.BR LOCPATH ,
|
||||||
|
.BR MALLOC_TRACE ,
|
||||||
|
.BR NIS_PATH ,
|
||||||
|
.BR NLSPATH ,
|
||||||
|
.BR RESOLV_HOST_CONF ,
|
||||||
|
.BR RES_OPTIONS ,
|
||||||
|
.BR TMPDIR ,
|
||||||
|
and
|
||||||
|
.BR TZDIR .
|
||||||
|
.PP
|
||||||
A binary is executed in secure-execution mode if the
|
A binary is executed in secure-execution mode if the
|
||||||
.B AT_SECURE
|
.B AT_SECURE
|
||||||
entry in the auxiliary vector (see
|
entry in the auxiliary vector (see
|
||||||
|
|
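Review bot: In the rewritten opening sentence, "those environment variables are stripped from the environment" refers back to variables whose effects are "voided or modified", whereas the commit message only says that ignored variables are stripped; state explicitly whether a variable whose effect is merely modified is also removed, since a reader auditing a set-user-ID program needs to know which definitions can still reach the program and its children. The list introduced by "Other environment variables treated in this way include:" comes from sysdeps/generic/unsecvars.h according to the commit message, but the page text names neither that file nor a glibc version, so consider adding a .\" comment pointing at the file so the list can be kept in sync. The dropped sentence "(For details, see the discussion of individual environment variables below.)" is only partly replaced by "and are described below"; the newly listed variables have no description on this page, so a cross-reference for them would help.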