4.0.1: Standards: Dynamic Library Search Order - rdkcentral/ut-core GitHub Wiki

The dlopen function in C is used to dynamically load shared libraries at runtime. Here's how it searches for libraries and how LD_LIBRARY_PATH plays a role:

Search Order

When you call dlopen with a library name, it follows a specific search order to locate the library:

  1. Absolute Path: If the filename provided to dlopen includes a slash ("/"), it's treated as an absolute or relative path, and the dynamic linker will try to load the library directly from that location.

  2. RPATH: If the executable file contains a DT_RPATH tag (and no DT_RUNPATH tag), the directories listed in the DT_RPATH tag are searched. This allows embedding paths to dependencies within the executable itself.

  3. LD_LIBRARY_PATH: If the environment variable LD_LIBRARY_PATH is set when the program starts, the directories listed in it are searched. However, this is ignored for security reasons if the program has set-user-ID or set-group-ID permissions.

  4. RUNPATH: If the executable file contains a DT_RUNPATH tag, the directories listed in that tag are searched. This is similar to DT_RPATH but is often preferred because it allows more flexibility in how libraries are found.

  5. ld.so.cache: The dynamic linker checks the file /etc/ld.so.cache (maintained by ldconfig) to see if it contains an entry for the library. This cache speeds up library loading.

  6. Default Directories: Finally, the directories /lib and /usr/lib are searched.

LD_LIBRARY_PATH

LD_LIBRARY_PATH is an environment variable that can be used to specify additional directories where the dynamic linker should look for shared libraries. It can be useful for:

  • Testing: You can temporarily add a directory with your test libraries to LD_LIBRARY_PATH without having to install them in the system directories.
  • Development: If you're working on a library that's not yet installed in a standard location, you can use LD_LIBRARY_PATH to tell your program where to find it.
  • Deployment: In some cases, you might need to use LD_LIBRARY_PATH to point to libraries installed in non-standard locations.

Security Considerations

While LD_LIBRARY_PATH can be helpful, it's important to use it with caution:

  • Security Risks: If LD_LIBRARY_PATH is set to include untrusted directories, it can make your program vulnerable to attacks where malicious libraries are loaded instead of the legitimate ones.
  • Maintainability Issues: Overusing LD_LIBRARY_PATH can make your program harder to deploy and maintain, as it relies on a specific environment variable being set correctly.

Best Practices

  • Use RPATH or RUNPATH: Whenever possible, use RPATH or RUNPATH to encode the library search paths directly into your executable. This is generally a more secure and reliable approach than relying on LD_LIBRARY_PATH.
  • Limit Use of LD_LIBRARY_PATH: If you must use LD_LIBRARY_PATH, try to limit its use to development and testing environments, and avoid setting it globally.
  • Be Mindful of Security: Always be cautious about setting LD_LIBRARY_PATH to include directories that you don't fully trust.