Invoking the Auditing Interface
The rtld-audit interface is enabled by one of two means. Each method implies a scope to the objects that are audited.
-
Global auditing is enabled using the environment variable
LD_AUDIT. The audit libraries made available by this method are provided with information regarding all dynamic objects used by the process. -
Local auditing is enabled through dynamic entries recorded within an object at the time it was built. The audit libraries made available by this method are provided with information regarding those dynamic objects identified for auditing.
Either method of invocation consists of a string that contains a colon-separated list of shared objects that are loaded by dlmopen(3DL). Each object is loaded onto its own audit link-map list. Each object is searched for audit routines using dlsym(3DL). Audit routines that are found are called at various stages during the applications execution.
The rtld-audit interface enables multiple audit libraries to be supplied. Audit libraries that expect to be employed in this fashion should not alter the bindings that would normally be returned by the runtime linker. Alteration of these bindings can produce unexpected results from audit libraries that follow.
Secure applications can only obtain audit libraries from trusted directories. By default, the only trusted directory known to the runtime linker for 32–bit objects is /usr/lib/secure. For 64–bit objects, the trusted directory is /usr/lib/secure/64.
- © 2010, Oracle Corporation and/or its affiliates