mirror of https://github.com/mkerrisk/man-pages
ld.so.8: In secure mode, LD_AUDIT restricts the libraries that it will load
This change was introduced in glibc 2.13 See http://seclists.org/fulldisclosure/2010/Oct/344 and https://lwn.net/Articles/412048/. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
c9a39feadc
commit
50994c10bc
|
@ -350,6 +350,13 @@ as described in its
|
||||||
.IR "Linker and Libraries Guide" ,
|
.IR "Linker and Libraries Guide" ,
|
||||||
in the chapter
|
in the chapter
|
||||||
.IR "Runtime Linker Auditing Interface" .
|
.IR "Runtime Linker Auditing Interface" .
|
||||||
|
|
||||||
|
Since glibc 2.13,
|
||||||
|
.\" commit 8e9f92e9d5d7737afdacf79b76d98c4c42980508
|
||||||
|
in secure-execution mode,
|
||||||
|
names in the audit list that contain slashes are ignored,
|
||||||
|
and only shared objects in the standard search directories that
|
||||||
|
have the set-user-ID mode bit enabled are loaded.
|
||||||
.TP
|
.TP
|
||||||
.BR LD_BIND_NOT " (since glibc 2.1.95)"
|
.BR LD_BIND_NOT " (since glibc 2.1.95)"
|
||||||
If this environment variable is set to a nonempty string,
|
If this environment variable is set to a nonempty string,
|
||||||
|
|
Loading…
Reference in New Issue