From owner-svn-src-stable-11@freebsd.org Thu Jun 1 00:49:00 2017 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4B724BEE319; Thu, 1 Jun 2017 00:49:00 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0E77172D37; Thu, 1 Jun 2017 00:48:59 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v510mxXu033937; Thu, 1 Jun 2017 00:48:59 GMT (envelope-from kib@FreeBSD.org) Received: (from kib@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v510mxak033936; Thu, 1 Jun 2017 00:48:59 GMT (envelope-from kib@FreeBSD.org) Message-Id: <201706010048.v510mxak033936@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kib set sender to kib@FreeBSD.org using -f From: Konstantin Belousov Date: Thu, 1 Jun 2017 00:48:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r319366 - stable/11/libexec/rtld-elf X-SVN-Group: stable-11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Jun 2017 00:49:00 -0000 Author: kib Date: Thu Jun 1 00:48:59 2017 New Revision: 319366 URL: https://svnweb.freebsd.org/changeset/base/319366 Log: MFC r319138: Document direct execution mode for rtld. Modified: stable/11/libexec/rtld-elf/rtld.1 Directory Properties: stable/11/ (props changed) Modified: stable/11/libexec/rtld-elf/rtld.1 ============================================================================== --- stable/11/libexec/rtld-elf/rtld.1 Thu Jun 1 00:01:19 2017 (r319365) +++ stable/11/libexec/rtld-elf/rtld.1 Thu Jun 1 00:48:59 2017 (r319366) @@ -282,6 +282,77 @@ instead of postponing it until required. Normally, the filtees are opened at the time of the first symbol resolution from the filter object. .El +.Sh DIRECT EXECUTION MODE +.Nm +is typically used implicitly, loaded by the kernel as requested by the +.Dv PT_INTERP +program header of the executed binary. +.Fx +also supports a direct execution mode for the dynamic linker. +In this mode, the user explicitly executes +.Nm +and provides the path of the program to be linked and executed as +an argument. +This mode allows use of a non-standard dynamic linker for a program +activation without changing the binary or without changing +the installed dynamic linker. +Execution options may be specified. +.Pp +The syntax of the direct invocation is +.Bd -ragged -offset indent +.Pa /libexec/ld-elf.so.1 +.Op Fl f Ar fd +.Op Fl p +.Op Fl - +.Pa image_path +.Op Ar image arguments +.Ed +.Pp +The options are as follows: +.Bl -tag -width indent +.It Fl f Ar fd +File descriptor +.Ar fd +references the binary to be activated by +.Nm . +It must already be opened in the process when executing +.Nm . +If this option is specified, +.Ar image_path +is only used to provide the +.Va argv[0] +value to the program. +.It Fl p +If the +.Pa image_path +argument specifies a name which does not contain a slash +.Dq Li / +character, +.Nm +uses the search path provided by the environment variable +.Dv PATH +to find the binary to execute. +.It Fl - +Ends the +.Nm +options. +The argument following +.Fl - +is interpreted as the path of binary to execute. +.El +.Pp +To conform to user expectation to not break some naively restricted +execution environments, in the direct execution mode +.Nm +emulates verification of the binary execute permission +for current user. +The verification only uses Unix +.Dv DACs , +ignores +.Dv ACLs +and is racy by its nature. +The environments which rely on such restrictions are weak +and breakable on its own. .Sh FILES .Bl -tag -width ".Pa /var/run/ld-elf32.so.hints" -compact .It Pa /var/run/ld-elf.so.hints