RTLD-AUDIT(7) Miscellaneous Information Manual RTLD-AUDIT(7) rtld-audit - #define _GNU_SOURCE /* feature_test_macros(7) */ #include GNU ( ) API , . API , Solaris. . , . : , , . LD_AUDIT , () API . , , . la_version() unsigned int la_version(unsigned int version); This is the only function that must be defined by an auditing library: it performs the initial handshake between the dynamic linker and the auditing library. When invoking this function, the dynamic linker passes, in version, the highest version of the auditing interface that the linker supports. A typical implementation of this function simply returns the constant LAV_CURRENT, which indicates the version of that was used to build the audit module. If the dynamic linker does not support this version of the audit interface, it will refuse to activate this audit module. If the function returns zero, the dynamic linker also does not activate this audit module. In order to enable backwards compatibility with older dynamic linkers, an audit module can examine the version argument and return an earlier version than LAV_CURRENT, assuming the module can adjust its implementation to match the requirements of the previous version of the audit interface. The la_version function should not return the value of version without further checks because it could correspond to an interface that does not match the definitions used to build the audit module. la_objsearch() char *la_objsearch(const char *name, uintptr_t *cookie, unsigned int flag); . name , . cookie , . flag : LA_SER_ORIG , . , ELF DT_NEEDED filename dlopen(3). LA_SER_LIBPATH name LD_LIBRARY_PATH. LA_SER_RUNPATH name ELF DT_RPATH DT_RUNPATH. LA_SER_CONFIG name ldconfig(8) (/etc/ld.so.cache). LA_SER_DEFAULT name . LA_SER_SECURE name ( Linux). la_objsearch() , . NULL, . , name. la_activity() void la_activity( uintptr_t *cookie, unsigned int flag); (link-map). cookie , . , flag : LA_ACT_ADD . LA_ACT_DELETE . LA_ACT_CONSISTENT : (consistent). la_objopen() unsigned int la_objopen(struct link_map *map, Lmid_t lmid, uintptr_t *cookie); . map (link-map), . lmid : LM_ID_BASE (namespace). LM_ID_NEWLM , dlmopen(3). cookie -- . . , , . la_objopen() , (OR) , la_symbind*(): LA_FLG_BINDTO . LA_FLG_BINDFROM . 0 la_objopen() , . la_objclose() unsigned int la_objclose(uintptr_t *cookie); (finalization code), . cookie , la_objopen(). , la_objclose(), . la_preinit() void la_preinit(uintptr_t *cookie); , ( , main()). , main() dlopen(3). la_symbind*() uintptr_t la_symbind32(Elf32_Sym *sym, unsigned int ndx, uintptr_t *refcook, uintptr_t *defcook, unsigned int *flags, const char *symname); uintptr_t la_symbind64(Elf64_Sym *sym, unsigned int ndx, uintptr_t *refcook, uintptr_t *defcook, unsigned int *flags, const char *symname); , la_objopen(). la_symbind32() 32- ; la_symbind64() 64- . sym , . . st_value, . ndx . refcook , ; , la_objopen(), LA_FLG_BINDFROM. defcook , , ; , la_objopen(), LA_FLG_BINDTO. symname , . flags , PLT (Procedure Linkage Table). : LA_SYMB_DLSYM - dlsym(3). LA_SYMB_ALTVALUE la_symbind*() . , la_pltenter() la_pltexit() ( ), la_symbind() PLT . OR *flags : LA_SYMB_NOPLTENTER la_pltenter() . LA_SYMB_NOPLTEXIT la_pltexit() . la_symbind32() la_symbind64() , . , sym->st_value. , . la_pltenter() ( ). x86-32: Elf32_Addr la_i86_gnu_pltenter(Elf32_Sym *sym, unsigned int ndx, uintptr_t *refcook, uintptr_t *defcook, La_i86_regs *regs, unsigned int *flags, const char *symname, long *framesizep); PLT , . sym, ndx, refcook, defcook symname la_symbind*(). regs ( ), , PLT. flags , PLT; la_symbind*(). The framesizep argument points to a long int buffer that can be used to explicitly set the frame size used for the call to this PLT entry. If different la_pltenter() invocations for this symbol return different values, then the maximum returned value is used. The la_pltexit() function is called only if this buffer is explicitly set to a suitable value. la_pltenter() la_symbind*(). la_pltexit() ( ). x86-32: unsigned int la_i86_gnu_pltexit(Elf32_Sym *sym, unsigned int ndx, uintptr_t *refcook, uintptr_t *defcook, const La_i86_regs *inregs, La_i86_retval *outregs, const char *symname); PLT, , . PLT . sym, ndx, refcook, defcook symname la_symbind*(). inregs ( ), , PLT. outregs ( ), PLT. PLT. GNU la_pltexit() . This API is very similar to the Solaris API described in the Solaris Linker and Libraries Guide, in the chapter Runtime Linker Auditing Interface. None. API Solaris: o Solaris la_objfilter() GNU. o Solaris la_symbind32() la_pltexit() symname. o Solaris la_pltexit() inregs outregs ( retval , ). glibc 2.9 , LD_AUDIT . glibc 2.10. #include #include unsigned int la_version(unsigned int version) { printf("la_version(): version = %u; LAV_CURRENT = %u\n", version, LAV_CURRENT); return LAV_CURRENT; } char * la_objsearch(const char *name, uintptr_t *cookie, unsigned int flag) { printf("la_objsearch(): name = %s; cookie = %p", name, cookie); printf("; flag = %s\n", (flag == LA_SER_ORIG) ? "LA_SER_ORIG" : (flag == LA_SER_LIBPATH) ? "LA_SER_LIBPATH" : (flag == LA_SER_RUNPATH) ? "LA_SER_RUNPATH" : (flag == LA_SER_DEFAULT) ? "LA_SER_DEFAULT" : (flag == LA_SER_CONFIG) ? "LA_SER_CONFIG" : (flag == LA_SER_SECURE) ? "LA_SER_SECURE" : "???"); return name; } void la_activity (uintptr_t *cookie, unsigned int flag) { printf("la_activity(): cookie = %p; flag = %s\n", cookie, (flag == LA_ACT_CONSISTENT) ? "LA_ACT_CONSISTENT" : (flag == LA_ACT_ADD) ? "LA_ACT_ADD" : (flag == LA_ACT_DELETE) ? "LA_ACT_DELETE" : "???"); } unsigned int la_objopen(struct link_map *map, Lmid_t lmid, uintptr_t *cookie) { printf("la_objopen(): loading \"%s\"; lmid = %s; cookie=%p\n", map->l_name, (lmid == LM_ID_BASE) ? "LM_ID_BASE" : (lmid == LM_ID_NEWLM) ? "LM_ID_NEWLM" : "???", cookie); return LA_FLG_BINDTO | LA_FLG_BINDFROM; } unsigned int la_objclose (uintptr_t *cookie) { printf("la_objclose(): %p\n", cookie); return 0; } void la_preinit(uintptr_t *cookie) { printf("la_preinit(): %p\n", cookie); } uintptr_t la_symbind32(Elf32_Sym *sym, unsigned int ndx, uintptr_t *refcook, uintptr_t *defcook, unsigned int *flags, const char *symname) { printf("la_symbind32(): symname = %s; sym->st_value = %p\n", symname, sym->st_value); printf(" ndx = %u; flags = %#x", ndx, *flags); printf("; refcook = %p; defcook = %p\n", refcook, defcook); return sym->st_value; } uintptr_t la_symbind64(Elf64_Sym *sym, unsigned int ndx, uintptr_t *refcook, uintptr_t *defcook, unsigned int *flags, const char *symname) { printf("la_symbind64(): symname = %s; sym->st_value = %p\n", symname, sym->st_value); printf(" ndx = %u; flags = %#x", ndx, *flags); printf("; refcook = %p; defcook = %p\n", refcook, defcook); return sym->st_value; } Elf32_Addr la_i86_gnu_pltenter(Elf32_Sym *sym, unsigned int ndx, uintptr_t *refcook, uintptr_t *defcook, La_i86_regs *regs, unsigned int *flags, const char *symname, long *framesizep) { printf("la_i86_gnu_pltenter(): %s (%p)\n", symname, sym->st_value); return sym->st_value; } . ldd(1), dlopen(3), ld.so(8), ldconfig(8) aereiae , Azamat Hackimov , Dmitriy S. Seregin , Katrin Kutepova , Lockal , Yuri Kozlov , ; GNU 3 , . . , , . Linux man-pages 6.06 31 2023 . RTLD-AUDIT(7)