ld.so.8: In secure mode, LD_AUDIT restricts the libraries that it will load

This change was introduced in glibc 2.13 See http://seclists.org/fulldisclosure/2010/Oct/344 and https://lwn.net/Articles/412048/. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-01-16 11:00:52 +13:00 · 2017-01-16 11:00:52 +13:00 · 50994c10bc
parent c9a39feadc
commit 50994c10bc
1 changed files with 7 additions and 0 deletions
--- a/man8/ld.so.8
+++ b/man8/ld.so.8
@ -350,6 +350,13 @@ as described in its
 .IR "Linker and Libraries Guide" ,
 in the chapter
 .IR "Runtime Linker Auditing Interface" .
+
+Since glibc 2.13,
+.\" commit 8e9f92e9d5d7737afdacf79b76d98c4c42980508
+in secure-execution mode,
+names in the audit list that contain slashes are ignored,
+and only shared objects in the standard search directories that
+have the set-user-ID mode bit enabled are loaded.
 .TP
 .BR LD_BIND_NOT " (since glibc 2.1.95)"
 If this environment variable is set to a nonempty string,