From 50994c10bcadefa457ad301771d6577b9e80bec2 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Mon, 16 Jan 2017 11:00:52 +1300 Subject: [PATCH] ld.so.8: In secure mode, LD_AUDIT restricts the libraries that it will load This change was introduced in glibc 2.13 See http://seclists.org/fulldisclosure/2010/Oct/344 and https://lwn.net/Articles/412048/. Signed-off-by: Michael Kerrisk --- man8/ld.so.8 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/man8/ld.so.8 b/man8/ld.so.8 index b4cfc42a1..5ca79c6f0 100644 --- a/man8/ld.so.8 +++ b/man8/ld.so.8 @@ -350,6 +350,13 @@ as described in its .IR "Linker and Libraries Guide" , in the chapter .IR "Runtime Linker Auditing Interface" . + +Since glibc 2.13, +.\" commit 8e9f92e9d5d7737afdacf79b76d98c4c42980508 +in secure-execution mode, +names in the audit list that contain slashes are ignored, +and only shared objects in the standard search directories that +have the set-user-ID mode bit enabled are loaded. .TP .BR LD_BIND_NOT " (since glibc 2.1.95)" If this environment variable is set to a nonempty string,
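Review bot: the last added sentence, "only shared objects in the standard search directories that have the set-user-ID mode bit enabled are loaded", is ambiguous. "that have the set-user-ID mode bit enabled" can be read as qualifying the directories rather than the shared objects. Since this sentence defines which audit libraries a privileged program will accept, consider putting the condition next to its subject, for example "only shared objects that have the set-user-ID mode bit enabled and that reside in the standard search directories are loaded". The paragraph also uses "secure-execution mode" and "standard search directories" without saying where either is defined, so a pointer to the part of the page that describes them would help a reader who lands directly on the LD_AUDIT entry. Finally, the new paragraph is introduced by a bare empty line in the roff source (the lone "+" before "Since glibc 2.13,"). Please confirm it renders as a separate paragraph at the same indentation as the rest of the entry.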