HP-UX Reference (11i v1 05/09) - 1 User Commands A-M (vol 1)
l
ld(1) ld(1)
symbol tables at all and does not report shared library unsats. The dynamic loader detects them at run
time. If any of the shared libraries on the command line was modified, the linker reverts to an initial incre-
mental link.
Performance
Performance of the incremental linker may suffer greatly if you change a high percentage of object files.
The incremental linker may not link small programs much faster, and the relative increase in size of the
executable is greater than that for larger programs.
Generally, the linker needs to scan through all shared libraries on a link line in order to determine all the
unsats, even in incremental links. This process may slow down incremental links. The incremental linker
does not scan shared libraries and leaves detection of shared library unsats to the dynamic loader.
Do not use the incremental linker to create final production modules. Because it reserves additional pad-
ding space, modules created by the incremental linker are considerably larger than those created in regular
links.
Notes
The HP WDB symbolic debugger only supports debugging of incrementally linked load modules that you
create with the +objdebug compiler option enabled. (The HP DDE debugger does not support the +ild
option.
Any program that modifies an executable (for example, strip(1)), may affect the ability of
ld to perform
an incremental link. When this happens, the incremental linker issues a message and performs an initial
incremental link.
Third-party tools that work on object files may have unexpected results on modules produced by the incre-
mental linker.
Kernel Virtual Environment Support
For virtual environment support for the kernel, build your kernel with the following linker options (instead
of the
-noshared option):
$ ld ... -Bsymbolic -b +hideallsymbols +allowrorelocs +linkersyms
...
By using these options, you create the kernel as a self-contained shared library with no exported symbols
(with the
-Bsymbolic , -b, and +hideallsymbols
options). Because the kernel contains references
to linker-generated symbols such as
_etext, _end, and _edata, the +linkersyms option instructs
the linker to create these symbols (which it does not do for shared libraries by default). The kernel contains
direct calls and relocations in read-only data space. Normally these are applied at link time and are fixed
up to link-time virtual addresses. In the case of relocatable kernels, the linker needs to create dynamic
relocations to fix up these references at run-time. The
+allowrorelocs
option instructs the linker to
allow dynamic relocations in read-only sections (Normally the linker issues an error message).
Linking Secure Programs
Secure programs are programs that are commonly run by privileged users, such as
root, or programs that
run with elevated privileges due to
setuid or setgid protection. Special precautions should be taken
when linking secure programs that use shared libraries. The default linker behavior may be sufficient for
32-bit applications, but not for 64-bit applications.
Secure 64-bit programs should be linked with the option +noenvvar to disable the use of SHLIB_PATH
and LD_LIBRARY_PATH for locating shared library dependencies. Secure 64-bit programs should also
link with +nodefaultrpath to prevent the automatic construction of an embedded search path based
on search directories specified with -L options. Most directories searched at link time don’t need to be
searched at run time, and if these directories are specified as relative paths, they expose the program to the
same security risks as the use of SHLIB_PATH and LD_LIBRARY_PATH.
Normal programs that depend on libraries that only exist in a directory specified in SHLIB_PATH or
LD_LIBRARY_PATH (64-bit mode only) must be linked with +s to enable searching SHLIB_PATH and
LD_LIBRARY_PATH. Programs that depend on SHLIB_PATH or LD_LIBRARY_PATH
cannot be pro-
tected as setuid or setgid programs.
dld uses the dynamic path lookup (with SHLIB_PATH and LD_LIBRARY_PATH) only if the following
conditions are satisfied:
getuid() == geteuid() && getgid() == getegid()
HP-UX 11i Version 1: September 2005 − 17 − Hewlett-Packard Company Section 1−−453