ld_ia.1 (2012 03)
l
ld_ia(1) Integrity Systems Only
ld_ia(1)
• Changed linker command line, where the linker command line does not match the command line
stored in the output file. (With the exceptions of the verbose and tracing options)
• Any of the padding spaces have been exhausted.
• Modules have been modified by the
ld -s or ld -x options or tools (for example, strip (1)).
• Incompatible incremental linker version, when you run a new version of the incremental linker on an
executable created by an older version.
• New working directory, where the incremental linker performs an initial incremental link if current
directory changes.
• Archive or shared libraries are added/removed to/from the linker command line.
• Object files are removed from the linker command line.
Use the
+help option or see the Linker and Libraries User’s Guide for more information.
Archive Library Processing
The incremental linker searches an archive library if there are unsatisfied symbols. It extracts all
archive members satisfying unsatisfied symbols and processes them as new object files. If an archive
library is modified, the linker replaces the modified archive library.
An object file extracted from an archive library in the previous link remains in the output load module
even if all references to symbols defined in the object file have been removed. The linker removes these
object files when it performs the next initial incremental link.
Shared Library Processing
In an initial incremental link, the linker scans shared library symbol tables and resolves unsatisfied sym-
bols the same way it would in a regular link. In incremental links, the linker does not process shared
libraries and their symbol tables at all and does not report shared library unsatisfied symbols. The detec-
tion of unsatisfied symbols is left to the dynamic loader. If any of the shared libraries on the command
line was modified, the linker reverts to an initial incremental link.
Performance
Performance of the incremental linker may suffer greatly if you change a high percentage of object files.
The incremental linker may not link small programs much faster, and the relative increase in size of the
executable is greater than that for larger programs.
Do not use the incremental linker to create final production modules. Because it reserves additional pad-
ding space, modules created by the incremental linker are considerably larger than those created in regu-
lar links.
Security Restrictions
On a system that supports fine-grained privileges, if a process gains any privileges from the binary’s
extended attributes, dynamic path lookup is disabled. Similarly, on a system that supports compart-
ments, if a process changes compartment due to the binary’s extended attributes, the dynamic path
lookup is disabled.
See setfilexsec (1M) on how to set extended attributes on a binary. See privileges (5) and compartments (5)
for more information on privileges and compartments.
Linking Secure Programs
Secure programs are programs that are commonly run by privileged users, such as
root,orprograms
that run with elevated privileges due to setuid or setgid protection. Yous should take special precau-
tions when linking secure programs that use shared libraries. The default linker behavior may be
sufficient for secure PA-RISC 32-bit applications, but not for PA-RISC 64-bit or Integrity system applica-
tions.
Secure programs should be linked with the option
+noenvvar to disable the use of SHLIB_PATH and
LD_LIBRARY_PATH for locating shared library dependencies. Secure programs should also link with
+nodefaultrpath to prevent the automatic construction of an embedded search path based on search
directories specified with -L options. Most directories searched at link time don’t need to be searched at
run time, and if these directories are specified as relative paths, they expose the program to the same
security risks as the use of SHLIB_PATH and LD_LIBRARY_PATH.
Programs built with
+compat are linked as if +noenvvar and +nodefaultrpath were specified.
However, additional PA-RISC 32-bit compatibility features are also enabled by +compat.
HP-UX 11i Version 3: March 2012 − 17 − Hewlett-Packard Company 17