HardenedBSD/sbin/ldconfig/ldconfig.8

.\"
.\" Copyright (c) 1993 Paul Kranenburg
.\" All rights reserved.
.\" Copyright (c) 2021 The FreeBSD Foundation
.\"
.\" Portions of this documentation were written by
.\" Konstantin Belousov <kib@FreeBSD.org> under sponsorship
.\" from the FreeBSD Foundation.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"      This product includes software developed by Paul Kranenburg.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd April 20, 2024
.Dt LDCONFIG 8
.Os
.Sh NAME
.Nm ldconfig
.Nd configure the dynamic linker search path for shared libraries
.Sh SYNOPSIS
.Nm
.Op Fl 32
.Op Fl BRimr
.Op Fl f Ar hints_file
.Op Ar directory | Ar
.Sh DESCRIPTION
.Nm
utility is used to configure the set of paths used by the dynamic linker
.Xr ld-elf.so.1 1
when searching for shared libraries.
The dynamic linker looks for libraries in a set of built-in system directories
and any directories specified in the hints file.
This obviates the need for storing search paths within the executable,
see the
.Fl rpath
option for the static linker
.Xr ld 1 .
.Pp
The hints file is maintained by
.Nm .
The
.Ar directories
list to be stored in the hints file is supplied on the command line.
.Pp
Alternatively to the
.Ar directories
list on the command line,
.Ar files
may be specified; these are expected to contain directories
to scan for shared libraries.
Each directory's pathname must start on a new
line.
Blank lines and lines starting with the comment character
.Ql \&#
are ignored.
.Pp
For security reasons, directories which are world or group-writable or which
are not owned by root produce warning messages and are skipped, unless
the
.Fl i
option is present.
.Pp
The
.Ev LD_LIBRARY_PATH
environment variable can be used to specify additional
shared library search directories.
.Ev LD_LIBRARY_PATH
is a
.Sq \&:
separated list of directory paths which are searched by
the dynamic linker
when it needs to load a shared library.
It can be viewed as the run-time
equivalent of the
.Fl L
switch of
.Xr ld 1 .
.Pp
The following options are recognized by
.Nm :
.Bl -tag -width indent
.It Fl 32
Generate the hints for 32-bit ABI shared libraries
on 64-bit systems that support running 32-bit binaries.
.It Fl elf
Ignored for backwards compatibility.
.It Fl B
Force writing big-endian binary data to the hints file.
The default is to create hints files in little-endian byte-order on all
architectures.
Reading of and merging into hints files preserves the endianness of the
existing hints file.
.It Fl R
Appends pathnames on the command line to the directory list from
the hints file.
.Pp
This is the default action when no options are given.
.It Fl f Ar hints_file
Read and/or update the specified hints file, instead of the standard file.
This option is provided primarily for testing.
.It Fl i
Run in insecure mode.
The security checks will not be performed.
.It Fl m
Instead of replacing the list of the directories to search with the
directories specified on the command line, merge existing list
with the specified directories, and write the result to the hints file.
.It Fl r
List the current list of the directories from the hints file
on the standard output.
The hints file is not modified.
.Pp
Scan and print all libraries found on the directories list.
.El
.Pp
The historic options
.Fl elf ,
.Fl s ,
and
.Fl v
are accepted but ignored.
.Sh SECURITY
Special care must be taken when loading shared libraries into the address
space of
.Ev set-user-Id
programs.
Whenever such a program is run by any user except the owner of the program,
the dynamic linker will only load shared libraries from paths found in
the hints file.
In particular, the
.Ev LD_LIBRARY_PATH
is not used to search for libraries.
Thus,
.Nm
serves to specify the trusted collection of directories from which
shared objects can be safely loaded.
.Sh FILES
.Bl -tag -width /usr/local/libdata/ldconfig/* -compact
.It Pa /var/run/ld-elf.so.hints
Standard hints file for the ELF dynamic linker.
.It Pa /var/run/ld-elf32.so.hints
Hints file for 32 bit libraries on 64 bit architectures, processed by
ldconfig when invoked with
.Fl 32 .
.It Pa /etc/ld-elf.so.conf
Optional file with names of directories to be included in the standard
hints file when booting to multi-user mode.
.It Pa /usr/local/libdata/ldconfig/*
Additional files with names of directories provided by optional ports
or packages.
.El
.Sh SEE ALSO
.Xr ld 1 ,
.Xr ld-elf.so.1 1 ,
.Xr link 5
.Sh HISTORY
A
.Nm
utility first appeared in SunOS 4.0, it appeared in its current form
in
.Fx 1.1 .
.Pp
The name 'hints file' is historic from the times when the file also contained
hints to the dynamic linker.
This functionality is not provided for ELF.