From 578616fa6e8c3d21bb759a062bdbd0993d9ef825 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Mon, 8 May 2017 14:41:23 +0200 Subject: [PATCH] ld.so.8: Make notes on secure-execute mode more prominent Place each note on secure-execution mode in a separate paragraph, to make it more obvious. Signed-off-by: Michael Kerrisk --- man8/ld.so.8 | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/man8/ld.so.8 b/man8/ld.so.8 index 7a7540d336..b40fe87417 100644 --- a/man8/ld.so.8 +++ b/man8/ld.so.8 @@ -268,6 +268,7 @@ The items in the list are separated by either colons or semicolons. Similar to the .B PATH environment variable. + This variable is ignored in secure-execution mode. Within the pathnames specified in @@ -342,6 +343,7 @@ to be loaded before all others in a separate linker namespace (i.e., one that does not intrude upon the normal symbol bindings that would occur in the process). These objects can be used to audit the operation of the dynamic linker. + .B LD_AUDIT is ignored in secure-execution mode. @@ -447,6 +449,7 @@ File in which .B LD_DEBUG output should be written. The default is standard error. + .B LD_DEBUG_OUTPUT is ignored in secure-execution mode. .TP @@ -460,6 +463,7 @@ allow weak symbols to be overridden (reverting to old glibc behavior). .\" From: Ulrich Drepper .\" Date: 07 Jun 2000 20:08:12 -0700 .\" Reply-To: drepper at cygnus dot com (Ulrich Drepper) + Since glibc 2.3.4, .B LD_DYNAMIC_WEAK is ignored in secure-execution mode. @@ -469,11 +473,12 @@ Mask for hardware capabilities. .TP .BR LD_ORIGIN_PATH " (since glibc 2.1)" Path where the binary is found. +.\" Used only if $ORIGIN can't be determined by normal means +.\" (from the origin path saved at load time, or from /proc/self/exe)? + Since glibc 2.4, .B LD_ORIGIN_PATH is ignored in secure-execution mode. -.\" Used only if $ORIGIN can't be determined by normal means -.\" (from the origin path saved at load time, or from /proc/self/exe)? .TP .BR LD_POINTER_GUARD " (glibc from 2.4 to 2.22)" Set to 0 to disable pointer guarding. @@ -504,6 +509,7 @@ output should be written. If this variable is not defined, or is defined as an empty string, then the default is .IR /var/tmp . + .B LD_PROFILE_OUTPUT is ignored in secure-execution mode; instead .IR /var/profile @@ -513,6 +519,7 @@ is always used. If this environment variable is defined (with any value), show the auxiliary array passed up from the kernel (see also .BR getauxval (3)). + Since glibc 2.3.5, .B LD_SHOW_AUXV is ignored in secure-execution mode. @@ -545,6 +552,7 @@ If .B LD_USE_LOAD_BIAS is defined with the value 0, neither executables nor PIEs will honor the base addresses. + This variable is ignored in secure-execution mode. .TP .BR LD_VERBOSE " (since glibc 2.1)" @@ -568,6 +576,7 @@ will first try to map executable pages using the .BR MAP_32BIT flag, and fall back to mapping without that flag if that attempt fails. NB: MAP_32BIT will map to the low 2GB (not 4GB) of the address space. + Because .B MAP_32BIT reduces the address range available for address space layout -- 2.39.2