Re: what is rpath?
Posted by:
dJJnb
()
Date: May 16, 2015 11:28AM
Solaris ld.so
The dynamic linker of Solaris, specifically /lib/ld.so of SunOS 5.8 and similar systems looks for libraries in the directories specified in the LD_LIBRARY_PATH variable before looking at the DT_RPATH attribute. Sun Micro was the first to introduce dynamic lib loading. Sun later added rpath option to ld and used it in essential libs as an added security feature. GNU ld did the same to support Sun style dynamic libs. Historically long before that, assembler (asm) programs loaded objects from disk directly into code segment memory an ran it (the asm code would use relative addresses if any, a loader was not needed).
example
$ cc -shared -Wl,-soname,termcap.so.4,-rpath,/lib/termcap.so.4 -o termcap.so.4
$ objdump -a -x termcap.so.4
NEEDED libc.so.6
SONAME termcap.so.4
RPATH /lib/termcap.so.4
Above: GNU or Sun ld (ld.so) will REFUSE to load termcap for a program needing unless file termcap.so is in /lib/ and named termcap.so.4. LD_LIBRARY_PATH is ignored. Unfortunately this prevents (testing) trying a newly compiled termcap.so as ld always looks in /lib and /usr/lib first, reguardless. If /lib/termcap.so.4 is removed to remediate: the shell dies (one cannot load and alternate termcap.so and a rescue disk is needed, but also if a new termcap.so.4 has RPATH /lib, ld.so will refuse to use to load it unless it clobbered /lib/termcap.so.4). But there's another issue: it isn't safe to copy over some libs in /lib as they are "in use": further restricting the would be lib tester. Furthermore, SONAME termcap.so.4 v. SONAME termcap.so means programs needing basic termcap.so are denied because the library above deleted the ABI access to basic support.
$ cc -shared -Wl,-soname,libtermcap.so.2 -o libtermcap.so.2
$ objdump -a -x termcap.so.2
NEEDED libc.so.6
SONAME termcap.so.2
Old linux or sun used the above, which allows a user to direct any program to use any any termcap.so they specify in LD_LIBRARY_PATH or what is found in /usr/local/lib(n) using the search rules such as ld.so.conf However! GNU ld always uses /lib or /usr/lib reguardless obstinately before LD_LIBRARY_PATH, so first /lib/termcap.so is moved to /usr/local/lib and that mentioned in ld.so.conf, which enables use of moving libs and ld.so.conf or use of LD_LIBRARY_PATH to (choose library or groups of libraries) to use. A preffered practice is to use "SONAME termcap.so" and have programs check version (all libs do support that) to use features available, but that was often skipped in old releases due to slow computing speed and lack of time to code correctly.
That being said, things change: test this kind of thing thoroughly on a given platform before deciding to rely on it. Release administrators today are not respecting any guidelines or documentation of the past. Some unix do linking and loading a completely different way, rpath is specific to ld shipped with a particular distribution.
Lastly, as said, rpath is a security feature however "mandatory access control" (MAC) and other techniques can be as effective or more effective than rpath to control lib reading and writing.
Control over rpath using today's compilers
Is often nearly impossible given lengthy and convoluted make(1) scripting. Worse, some build scripts ignore --disable-rpath even though they present the same as an option. It would be impossible, timely and frustrating, to invite fixing build scripting in every odd program to compile.
A simple sh(1) "wrapper" can call the real ld , named ld.bin. The wrapper can filter in/out -rpath option before invoking ld.
#!/bin/sh
# - filter ld options here -
ld.bin $opts
But note some builds incorrectly use rpath instead of rpath-link or LD_LIBRARY_PATH or $(TOP)/dir/foo.so to locate intermediate products that stay in the build directory - thus backwardly demand rpath in the final product, which is a new issue concerning "what is rpath".