Linker and Libraries Guide

Audit Interface Interactions

Audit routines are provided one or more cookies. A cookie is a data item that describes an individual dynamic object. An initial cookie is provided to the la_objopen() routine when a dynamic object is initially loaded. This cookie is a pointer to the associated Link_map of the loaded dynamic object. However, the la_objopen() routine is free to allocate, and return to the runtime linker, an alternative cookie. This mechanism provides the auditor a means of maintaining their own data with each dynamic object, and receiving this data with all subsequent audit routine calls.

The rtld-audit interface enables multiple audit libraries to be supplied. In this case, the return information from one auditor is passed to the same audit routine of the next auditor. Similarly, a cookie that is established by one auditor is passed to the next auditor. Care should be taken when designing an audit library that expects to coexist with other audit libraries. A safe approach should not alter the bindings, or cookies, that would normally be returned by the runtime linker. Alteration of these data can produce unexpected results from audit libraries that follow. Otherwise, all auditors should be designed to cooperate in safely changing any binding or cookie information.