diff mbox series

[3/3] elf: Implement DT_AUDIT, DT_DEPAUDIT support [BZ #24943]

Message ID c690bf5f218cc21078ee172f8ab5b99e0a0fa038.1585914979.git.fweimer@redhat.com
State Committed
Headers show
Series Add DT_AUDIT support [BZ #24943] | expand

Commit Message

Florian Weimer April 3, 2020, 12:03 p.m. UTC
binutils ld has supported --audit, --depaudit for a long time,
only support in glibc has been missing.
---
 NEWS                    |  3 +++
 elf/Makefile            | 22 +++++++++++++++--
 elf/rtld.c              | 23 +++++++++++++++++-
 elf/tst-audit14.c       | 46 +++++++++++++++++++++++++++++++++++
 elf/tst-audit15.c       | 50 ++++++++++++++++++++++++++++++++++++++
 elf/tst-audit16.c       | 54 +++++++++++++++++++++++++++++++++++++++++
 elf/tst-auditlogmod-1.c | 27 +++++++++++++++++++++
 elf/tst-auditlogmod-2.c | 27 +++++++++++++++++++++
 elf/tst-auditlogmod-3.c | 27 +++++++++++++++++++++
 9 files changed, 276 insertions(+), 3 deletions(-)
 create mode 100644 elf/tst-audit14.c
 create mode 100644 elf/tst-audit15.c
 create mode 100644 elf/tst-audit16.c
 create mode 100644 elf/tst-auditlogmod-1.c
 create mode 100644 elf/tst-auditlogmod-2.c
 create mode 100644 elf/tst-auditlogmod-3.c

Comments

Carlos O'Donell April 3, 2020, 12:49 p.m. UTC | #1
On 4/3/20 8:03 AM, Florian Weimer via Libc-alpha wrote:
> binutils ld has supported --audit, --depaudit for a long time,
> only support in glibc has been missing.

OK for master.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

> ---
>  NEWS                    |  3 +++
>  elf/Makefile            | 22 +++++++++++++++--
>  elf/rtld.c              | 23 +++++++++++++++++-
>  elf/tst-audit14.c       | 46 +++++++++++++++++++++++++++++++++++
>  elf/tst-audit15.c       | 50 ++++++++++++++++++++++++++++++++++++++
>  elf/tst-audit16.c       | 54 +++++++++++++++++++++++++++++++++++++++++
>  elf/tst-auditlogmod-1.c | 27 +++++++++++++++++++++
>  elf/tst-auditlogmod-2.c | 27 +++++++++++++++++++++
>  elf/tst-auditlogmod-3.c | 27 +++++++++++++++++++++
>  9 files changed, 276 insertions(+), 3 deletions(-)
>  create mode 100644 elf/tst-audit14.c
>  create mode 100644 elf/tst-audit15.c
>  create mode 100644 elf/tst-audit16.c
>  create mode 100644 elf/tst-auditlogmod-1.c
>  create mode 100644 elf/tst-auditlogmod-2.c
>  create mode 100644 elf/tst-auditlogmod-3.c
> 
> diff --git a/NEWS b/NEWS
> index 466c203633..b5d7b34f8a 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -11,6 +11,9 @@ Major new features:
>  
>    * New locale added: ckb_IQ (Kurdish/Sorani spoken in Iraq)
>  
> +* The GNU C Library now loads audit modules listed in the DT_AUDIT and
> +  DT_DEPAUDIT dynamic section entries of the main executable.

OK.

> +
>  Deprecated and removed features, and other changes affecting compatibility:
>  
>    [Add deprecations, removals and changes affecting compatibility here]
> diff --git a/elf/Makefile b/elf/Makefile
> index da689a2c7b..9b1d58c7ad 100644
> --- a/elf/Makefile
> +++ b/elf/Makefile
> @@ -202,7 +202,8 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \
>  	 tst-sonamemove-link tst-sonamemove-dlopen tst-dlopen-tlsmodid \
>  	 tst-dlopen-self tst-auditmany tst-initfinilazyfail tst-dlopenfail \
>  	 tst-dlopenfail-2 \
> -	 tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen
> +	 tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen \
> +	 tst-audit14 tst-audit15 tst-audit16
>  #	 reldep9
>  tests-internal += loadtest unload unload2 circleload1 \
>  	 neededtest neededtest2 neededtest3 neededtest4 \
> @@ -314,7 +315,8 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
>  		tst-initlazyfailmod tst-finilazyfailmod \
>  		tst-dlopenfailmod1 tst-dlopenfaillinkmod tst-dlopenfailmod2 \
>  		tst-dlopenfailmod3 tst-ldconfig-ld-mod \
> -		tst-filterobj-flt tst-filterobj-aux tst-filterobj-filtee
> +		tst-filterobj-flt tst-filterobj-aux tst-filterobj-filtee \
> +		tst-auditlogmod-1 tst-auditlogmod-2 tst-auditlogmod-3
>  # Most modules build with _ISOMAC defined, but those filtered out
>  # depend on internal headers.
>  modules-names-tests = $(filter-out ifuncmod% tst-libc_dlvsym-dso tst-tlsmod%,\
> @@ -1498,6 +1500,22 @@ $(objpfx)tst-auditmany.out: $(objpfx)tst-auditmanymod1.so \
>  tst-auditmany-ENV = \
>    LD_AUDIT=tst-auditmanymod1.so:tst-auditmanymod2.so:tst-auditmanymod3.so:tst-auditmanymod4.so:tst-auditmanymod5.so:tst-auditmanymod6.so:tst-auditmanymod7.so:tst-auditmanymod8.so:tst-auditmanymod9.so
>  
> +LDFLAGS-tst-audit14 = -Wl,--audit=tst-auditlogmod-1.so
> +$(objpfx)tst-auditlogmod-1.so: $(libsupport)
> +$(objpfx)tst-audit14.out: $(objpfx)tst-auditlogmod-1.so
> +LDFLAGS-tst-audit15 = \
> +  -Wl,--audit=tst-auditlogmod-1.so,--depaudit=tst-auditlogmod-2.so
> +$(objpfx)tst-auditlogmod-2.so: $(libsupport)
> +$(objpfx)tst-audit15.out: \
> +  $(objpfx)tst-auditlogmod-1.so $(objpfx)tst-auditlogmod-2.so
> +LDFLAGS-tst-audit16 = \
> +  -Wl,--audit=tst-auditlogmod-1.so:tst-auditlogmod-2.so \

OK. At least one test which exercises the splitting on delimiter.

> +  -Wl,--depaudit=tst-auditlogmod-3.so
> +$(objpfx)tst-auditlogmod-3.so: $(libsupport)
> +$(objpfx)tst-audit16.out: \
> +  $(objpfx)tst-auditlogmod-1.so $(objpfx)tst-auditlogmod-2.so \
> +  $(objpfx)tst-auditlogmod-3.so
> +
>  # tst-sonamemove links against an older implementation of the library.
>  LDFLAGS-tst-sonamemove-linkmod1.so = \
>    -Wl,--version-script=tst-sonamemove-linkmod1.map \
> diff --git a/elf/rtld.c b/elf/rtld.c
> index fe4dfbec67..b1938913a1 100644
> --- a/elf/rtld.c
> +++ b/elf/rtld.c
> @@ -153,9 +153,17 @@ static void audit_list_init (struct audit_list *);
>     not be called after audit_list_next.  */
>  static void audit_list_add_string (struct audit_list *, const char *);
>  
> +/* Add the audit strings from the link map, found in the dynamic
> +   segment at TG (either DT_AUDIT and DT_DEPAUDIT).  Must be called
> +   before audit_list_next.  */
> +static void audit_list_add_dynamic_tag (struct audit_list *,
> +					struct link_map *,
> +					unsigned int tag);

OK.

> +
>  /* Extract the next audit module from the audit list.  Only modules
>     for which dso_name_valid_for_suid is true are returned.  Must be
> -   called after all the audit_list_add_string calls.  */
> +   called after all the audit_list_add_string,
> +   audit_list_add_dynamic_tags calls.  */
>  static const char *audit_list_next (struct audit_list *);
>  
>  /* This is a list of all the modes the dynamic loader can be in.  */
> @@ -236,6 +244,16 @@ audit_list_add_string (struct audit_list *list, const char *string)
>      list->current_tail = string;
>  }
>  
> +static void
> +audit_list_add_dynamic_tag (struct audit_list *list, struct link_map *main_map,
> +			    unsigned int tag)
> +{
> +  ElfW(Dyn) *info = main_map->l_info[ADDRIDX (tag)];
> +  const char *strtab = (const char *) D_PTR (main_map, l_info[DT_STRTAB]);
> +  if (info != NULL)
> +    audit_list_add_string (list, strtab + info->d_un.d_val);
> +}

OK.

> +
>  static const char *
>  audit_list_next (struct audit_list *list)
>  {
> @@ -1638,6 +1656,9 @@ ERROR: '%s': cannot process note segment.\n", _dl_argv[0]);
>      /* Assign a module ID.  Do this before loading any audit modules.  */
>      GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();
>  
> +  audit_list_add_dynamic_tag (&audit_list, main_map, DT_AUDIT);
> +  audit_list_add_dynamic_tag (&audit_list, main_map, DT_DEPAUDIT);

OK. I like seeing good APIs that make adding functionality easy :-)

> +
>    /* If we have auditing DSOs to load, do it now.  */
>    bool need_security_init = true;
>    if (audit_list.length > 0)
> diff --git a/elf/tst-audit14.c b/elf/tst-audit14.c
> new file mode 100644
> index 0000000000..73e6634e35
> --- /dev/null
> +++ b/elf/tst-audit14.c
> @@ -0,0 +1,46 @@
> +/* Main program with DT_AUDIT.  One audit module.

OK.

> +   Copyright (C) 2020 Free Software Foundation, Inc.
> +   This file is part of the GNU C Library.
> +
> +   The GNU C Library is free software; you can redistribute it and/or
> +   modify it under the terms of the GNU Lesser General Public
> +   License as published by the Free Software Foundation; either
> +   version 2.1 of the License, or (at your option) any later version.
> +
> +   The GNU C Library is distributed in the hope that it will be useful,
> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> +   Lesser General Public License for more details.
> +
> +   You should have received a copy of the GNU Lesser General Public
> +   License along with the GNU C Library; if not, see
> +   <http://www.gnu.org/licenses/>.  */
> +
> +#include <stdlib.h>
> +#include <string.h>
> +#include <support/check.h>
> +#include <support/xstdio.h>
> +
> +static int
> +do_test (void)
> +{
> +  /* Verify what the audit module has written.  This test assumes that
> +     standard output has been redirected to a regular file.  */
> +  FILE *fp = xfopen ("/dev/stdout", "r");
> +
> +  char *buffer = NULL;
> +  size_t buffer_length = 0;
> +  size_t line_length = xgetline (&buffer, &buffer_length, fp);
> +  const char *message = "info: tst-auditlogmod-1.so loaded\n";
> +  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
> +
> +  /* No more audit module output.  */
> +  line_length = xgetline (&buffer, &buffer_length, fp);
> +  TEST_COMPARE_BLOB ("", 0, buffer, line_length);
> +
> +  free (buffer);
> +  xfclose (fp);
> +  return 0;
> +}
> +
> +#include <support/test-driver.c>
> diff --git a/elf/tst-audit15.c b/elf/tst-audit15.c
> new file mode 100644
> index 0000000000..3d6a31c242
> --- /dev/null
> +++ b/elf/tst-audit15.c
> @@ -0,0 +1,50 @@
> +/* Main program with DT_AUDIT and DT_DEPAUDIT.  Two audit modules.

OK.

> +   Copyright (C) 2020 Free Software Foundation, Inc.
> +   This file is part of the GNU C Library.
> +
> +   The GNU C Library is free software; you can redistribute it and/or
> +   modify it under the terms of the GNU Lesser General Public
> +   License as published by the Free Software Foundation; either
> +   version 2.1 of the License, or (at your option) any later version.
> +
> +   The GNU C Library is distributed in the hope that it will be useful,
> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> +   Lesser General Public License for more details.
> +
> +   You should have received a copy of the GNU Lesser General Public
> +   License along with the GNU C Library; if not, see
> +   <http://www.gnu.org/licenses/>.  */
> +
> +#include <stdlib.h>
> +#include <string.h>
> +#include <support/check.h>
> +#include <support/xstdio.h>
> +
> +static int
> +do_test (void)
> +{
> +  /* Verify what the audit modules have written.  This test assumes
> +     that standard output has been redirected to a regular file.  */
> +  FILE *fp = xfopen ("/dev/stdout", "r");
> +
> +  char *buffer = NULL;
> +  size_t buffer_length = 0;
> +  size_t line_length = xgetline (&buffer, &buffer_length, fp);
> +  const char *message = "info: tst-auditlogmod-1.so loaded\n";
> +  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
> +
> +  line_length = xgetline (&buffer, &buffer_length, fp);
> +  message = "info: tst-auditlogmod-2.so loaded\n";
> +  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
> +
> +  /* No more audit module output.  */
> +  line_length = xgetline (&buffer, &buffer_length, fp);
> +  TEST_COMPARE_BLOB ("", 0, buffer, line_length);
> +
> +  free (buffer);
> +  xfclose (fp);
> +  return 0;
> +}
> +
> +#include <support/test-driver.c>
> diff --git a/elf/tst-audit16.c b/elf/tst-audit16.c
> new file mode 100644
> index 0000000000..1a7d6eee5e
> --- /dev/null
> +++ b/elf/tst-audit16.c
> @@ -0,0 +1,54 @@
> +/* Main program with DT_AUDIT and DT_DEPAUDIT.  Three audit modules.

OK.

> +   Copyright (C) 2020 Free Software Foundation, Inc.
> +   This file is part of the GNU C Library.
> +
> +   The GNU C Library is free software; you can redistribute it and/or
> +   modify it under the terms of the GNU Lesser General Public
> +   License as published by the Free Software Foundation; either
> +   version 2.1 of the License, or (at your option) any later version.
> +
> +   The GNU C Library is distributed in the hope that it will be useful,
> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> +   Lesser General Public License for more details.
> +
> +   You should have received a copy of the GNU Lesser General Public
> +   License along with the GNU C Library; if not, see
> +   <http://www.gnu.org/licenses/>.  */
> +
> +#include <stdlib.h>
> +#include <string.h>
> +#include <support/check.h>
> +#include <support/xstdio.h>
> +
> +static int
> +do_test (void)
> +{
> +  /* Verify what the audit modules have written.  This test assumes
> +     that standard output has been redirected to a regular file.  */
> +  FILE *fp = xfopen ("/dev/stdout", "r");
> +
> +  char *buffer = NULL;
> +  size_t buffer_length = 0;
> +  size_t line_length = xgetline (&buffer, &buffer_length, fp);
> +  const char *message = "info: tst-auditlogmod-1.so loaded\n";
> +  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
> +
> +  line_length = xgetline (&buffer, &buffer_length, fp);
> +  message = "info: tst-auditlogmod-2.so loaded\n";
> +  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
> +
> +  line_length = xgetline (&buffer, &buffer_length, fp);
> +  message = "info: tst-auditlogmod-3.so loaded\n";
> +  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
> +
> +  /* No more audit module output.  */
> +  line_length = xgetline (&buffer, &buffer_length, fp);
> +  TEST_COMPARE_BLOB ("", 0, buffer, line_length);
> +
> +  free (buffer);
> +  xfclose (fp);
> +  return 0;
> +}
> +
> +#include <support/test-driver.c>
> diff --git a/elf/tst-auditlogmod-1.c b/elf/tst-auditlogmod-1.c
> new file mode 100644
> index 0000000000..e6b8cd9094
> --- /dev/null
> +++ b/elf/tst-auditlogmod-1.c
> @@ -0,0 +1,27 @@
> +/* Audit module which logs that it was loaded.  Variant 1.
> +   Copyright (C) 2020 Free Software Foundation, Inc.
> +   This file is part of the GNU C Library.
> +
> +   The GNU C Library is free software; you can redistribute it and/or
> +   modify it under the terms of the GNU Lesser General Public
> +   License as published by the Free Software Foundation; either
> +   version 2.1 of the License, or (at your option) any later version.
> +
> +   The GNU C Library is distributed in the hope that it will be useful,
> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> +   Lesser General Public License for more details.
> +
> +   You should have received a copy of the GNU Lesser General Public
> +   License along with the GNU C Library; if not, see
> +   <http://www.gnu.org/licenses/>.  */
> +
> +#include <link.h>
> +#include <support/support.h>
> +
> +unsigned int
> +la_version (unsigned int v)
> +{
> +  write_message ("info: tst-auditlogmod-1.so loaded\n");
> +  return LAV_CURRENT;
> +}
> diff --git a/elf/tst-auditlogmod-2.c b/elf/tst-auditlogmod-2.c
> new file mode 100644
> index 0000000000..9e7f0acabc
> --- /dev/null
> +++ b/elf/tst-auditlogmod-2.c
> @@ -0,0 +1,27 @@
> +/* Audit module which logs that it was loaded.  Variant 2.
> +   Copyright (C) 2020 Free Software Foundation, Inc.
> +   This file is part of the GNU C Library.
> +
> +   The GNU C Library is free software; you can redistribute it and/or
> +   modify it under the terms of the GNU Lesser General Public
> +   License as published by the Free Software Foundation; either
> +   version 2.1 of the License, or (at your option) any later version.
> +
> +   The GNU C Library is distributed in the hope that it will be useful,
> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> +   Lesser General Public License for more details.
> +
> +   You should have received a copy of the GNU Lesser General Public
> +   License along with the GNU C Library; if not, see
> +   <http://www.gnu.org/licenses/>.  */
> +
> +#include <link.h>
> +#include <support/support.h>
> +
> +unsigned int
> +la_version (unsigned int v)
> +{
> +  write_message ("info: tst-auditlogmod-2.so loaded\n");
> +  return LAV_CURRENT;
> +}
> diff --git a/elf/tst-auditlogmod-3.c b/elf/tst-auditlogmod-3.c
> new file mode 100644
> index 0000000000..c4c1a58145
> --- /dev/null
> +++ b/elf/tst-auditlogmod-3.c
> @@ -0,0 +1,27 @@
> +/* Audit module which logs that it was loaded.  Variant 3.
> +   Copyright (C) 2020 Free Software Foundation, Inc.
> +   This file is part of the GNU C Library.
> +
> +   The GNU C Library is free software; you can redistribute it and/or
> +   modify it under the terms of the GNU Lesser General Public
> +   License as published by the Free Software Foundation; either
> +   version 2.1 of the License, or (at your option) any later version.
> +
> +   The GNU C Library is distributed in the hope that it will be useful,
> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> +   Lesser General Public License for more details.
> +
> +   You should have received a copy of the GNU Lesser General Public
> +   License along with the GNU C Library; if not, see
> +   <http://www.gnu.org/licenses/>.  */
> +
> +#include <link.h>
> +#include <support/support.h>
> +
> +unsigned int
> +la_version (unsigned int v)
> +{
> +  write_message ("info: tst-auditlogmod-3.so loaded\n");
> +  return LAV_CURRENT;
> +}
>
diff mbox series

Patch

diff --git a/NEWS b/NEWS
index 466c203633..b5d7b34f8a 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,9 @@  Major new features:
 
   * New locale added: ckb_IQ (Kurdish/Sorani spoken in Iraq)
 
+* The GNU C Library now loads audit modules listed in the DT_AUDIT and
+  DT_DEPAUDIT dynamic section entries of the main executable.
+
 Deprecated and removed features, and other changes affecting compatibility:
 
   [Add deprecations, removals and changes affecting compatibility here]
diff --git a/elf/Makefile b/elf/Makefile
index da689a2c7b..9b1d58c7ad 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -202,7 +202,8 @@  tests += restest1 preloadtest loadfail multiload origtest resolvfail \
 	 tst-sonamemove-link tst-sonamemove-dlopen tst-dlopen-tlsmodid \
 	 tst-dlopen-self tst-auditmany tst-initfinilazyfail tst-dlopenfail \
 	 tst-dlopenfail-2 \
-	 tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen
+	 tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen \
+	 tst-audit14 tst-audit15 tst-audit16
 #	 reldep9
 tests-internal += loadtest unload unload2 circleload1 \
 	 neededtest neededtest2 neededtest3 neededtest4 \
@@ -314,7 +315,8 @@  modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
 		tst-initlazyfailmod tst-finilazyfailmod \
 		tst-dlopenfailmod1 tst-dlopenfaillinkmod tst-dlopenfailmod2 \
 		tst-dlopenfailmod3 tst-ldconfig-ld-mod \
-		tst-filterobj-flt tst-filterobj-aux tst-filterobj-filtee
+		tst-filterobj-flt tst-filterobj-aux tst-filterobj-filtee \
+		tst-auditlogmod-1 tst-auditlogmod-2 tst-auditlogmod-3
 # Most modules build with _ISOMAC defined, but those filtered out
 # depend on internal headers.
 modules-names-tests = $(filter-out ifuncmod% tst-libc_dlvsym-dso tst-tlsmod%,\
@@ -1498,6 +1500,22 @@  $(objpfx)tst-auditmany.out: $(objpfx)tst-auditmanymod1.so \
 tst-auditmany-ENV = \
   LD_AUDIT=tst-auditmanymod1.so:tst-auditmanymod2.so:tst-auditmanymod3.so:tst-auditmanymod4.so:tst-auditmanymod5.so:tst-auditmanymod6.so:tst-auditmanymod7.so:tst-auditmanymod8.so:tst-auditmanymod9.so
 
+LDFLAGS-tst-audit14 = -Wl,--audit=tst-auditlogmod-1.so
+$(objpfx)tst-auditlogmod-1.so: $(libsupport)
+$(objpfx)tst-audit14.out: $(objpfx)tst-auditlogmod-1.so
+LDFLAGS-tst-audit15 = \
+  -Wl,--audit=tst-auditlogmod-1.so,--depaudit=tst-auditlogmod-2.so
+$(objpfx)tst-auditlogmod-2.so: $(libsupport)
+$(objpfx)tst-audit15.out: \
+  $(objpfx)tst-auditlogmod-1.so $(objpfx)tst-auditlogmod-2.so
+LDFLAGS-tst-audit16 = \
+  -Wl,--audit=tst-auditlogmod-1.so:tst-auditlogmod-2.so \
+  -Wl,--depaudit=tst-auditlogmod-3.so
+$(objpfx)tst-auditlogmod-3.so: $(libsupport)
+$(objpfx)tst-audit16.out: \
+  $(objpfx)tst-auditlogmod-1.so $(objpfx)tst-auditlogmod-2.so \
+  $(objpfx)tst-auditlogmod-3.so
+
 # tst-sonamemove links against an older implementation of the library.
 LDFLAGS-tst-sonamemove-linkmod1.so = \
   -Wl,--version-script=tst-sonamemove-linkmod1.map \
diff --git a/elf/rtld.c b/elf/rtld.c
index fe4dfbec67..b1938913a1 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -153,9 +153,17 @@  static void audit_list_init (struct audit_list *);
    not be called after audit_list_next.  */
 static void audit_list_add_string (struct audit_list *, const char *);
 
+/* Add the audit strings from the link map, found in the dynamic
+   segment at TG (either DT_AUDIT and DT_DEPAUDIT).  Must be called
+   before audit_list_next.  */
+static void audit_list_add_dynamic_tag (struct audit_list *,
+					struct link_map *,
+					unsigned int tag);
+
 /* Extract the next audit module from the audit list.  Only modules
    for which dso_name_valid_for_suid is true are returned.  Must be
-   called after all the audit_list_add_string calls.  */
+   called after all the audit_list_add_string,
+   audit_list_add_dynamic_tags calls.  */
 static const char *audit_list_next (struct audit_list *);
 
 /* This is a list of all the modes the dynamic loader can be in.  */
@@ -236,6 +244,16 @@  audit_list_add_string (struct audit_list *list, const char *string)
     list->current_tail = string;
 }
 
+static void
+audit_list_add_dynamic_tag (struct audit_list *list, struct link_map *main_map,
+			    unsigned int tag)
+{
+  ElfW(Dyn) *info = main_map->l_info[ADDRIDX (tag)];
+  const char *strtab = (const char *) D_PTR (main_map, l_info[DT_STRTAB]);
+  if (info != NULL)
+    audit_list_add_string (list, strtab + info->d_un.d_val);
+}
+
 static const char *
 audit_list_next (struct audit_list *list)
 {
@@ -1638,6 +1656,9 @@  ERROR: '%s': cannot process note segment.\n", _dl_argv[0]);
     /* Assign a module ID.  Do this before loading any audit modules.  */
     GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();
 
+  audit_list_add_dynamic_tag (&audit_list, main_map, DT_AUDIT);
+  audit_list_add_dynamic_tag (&audit_list, main_map, DT_DEPAUDIT);
+
   /* If we have auditing DSOs to load, do it now.  */
   bool need_security_init = true;
   if (audit_list.length > 0)
diff --git a/elf/tst-audit14.c b/elf/tst-audit14.c
new file mode 100644
index 0000000000..73e6634e35
--- /dev/null
+++ b/elf/tst-audit14.c
@@ -0,0 +1,46 @@ 
+/* Main program with DT_AUDIT.  One audit module.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <stdlib.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/xstdio.h>
+
+static int
+do_test (void)
+{
+  /* Verify what the audit module has written.  This test assumes that
+     standard output has been redirected to a regular file.  */
+  FILE *fp = xfopen ("/dev/stdout", "r");
+
+  char *buffer = NULL;
+  size_t buffer_length = 0;
+  size_t line_length = xgetline (&buffer, &buffer_length, fp);
+  const char *message = "info: tst-auditlogmod-1.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  /* No more audit module output.  */
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  TEST_COMPARE_BLOB ("", 0, buffer, line_length);
+
+  free (buffer);
+  xfclose (fp);
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/elf/tst-audit15.c b/elf/tst-audit15.c
new file mode 100644
index 0000000000..3d6a31c242
--- /dev/null
+++ b/elf/tst-audit15.c
@@ -0,0 +1,50 @@ 
+/* Main program with DT_AUDIT and DT_DEPAUDIT.  Two audit modules.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <stdlib.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/xstdio.h>
+
+static int
+do_test (void)
+{
+  /* Verify what the audit modules have written.  This test assumes
+     that standard output has been redirected to a regular file.  */
+  FILE *fp = xfopen ("/dev/stdout", "r");
+
+  char *buffer = NULL;
+  size_t buffer_length = 0;
+  size_t line_length = xgetline (&buffer, &buffer_length, fp);
+  const char *message = "info: tst-auditlogmod-1.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  message = "info: tst-auditlogmod-2.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  /* No more audit module output.  */
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  TEST_COMPARE_BLOB ("", 0, buffer, line_length);
+
+  free (buffer);
+  xfclose (fp);
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/elf/tst-audit16.c b/elf/tst-audit16.c
new file mode 100644
index 0000000000..1a7d6eee5e
--- /dev/null
+++ b/elf/tst-audit16.c
@@ -0,0 +1,54 @@ 
+/* Main program with DT_AUDIT and DT_DEPAUDIT.  Three audit modules.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <stdlib.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/xstdio.h>
+
+static int
+do_test (void)
+{
+  /* Verify what the audit modules have written.  This test assumes
+     that standard output has been redirected to a regular file.  */
+  FILE *fp = xfopen ("/dev/stdout", "r");
+
+  char *buffer = NULL;
+  size_t buffer_length = 0;
+  size_t line_length = xgetline (&buffer, &buffer_length, fp);
+  const char *message = "info: tst-auditlogmod-1.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  message = "info: tst-auditlogmod-2.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  message = "info: tst-auditlogmod-3.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  /* No more audit module output.  */
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  TEST_COMPARE_BLOB ("", 0, buffer, line_length);
+
+  free (buffer);
+  xfclose (fp);
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/elf/tst-auditlogmod-1.c b/elf/tst-auditlogmod-1.c
new file mode 100644
index 0000000000..e6b8cd9094
--- /dev/null
+++ b/elf/tst-auditlogmod-1.c
@@ -0,0 +1,27 @@ 
+/* Audit module which logs that it was loaded.  Variant 1.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <link.h>
+#include <support/support.h>
+
+unsigned int
+la_version (unsigned int v)
+{
+  write_message ("info: tst-auditlogmod-1.so loaded\n");
+  return LAV_CURRENT;
+}
diff --git a/elf/tst-auditlogmod-2.c b/elf/tst-auditlogmod-2.c
new file mode 100644
index 0000000000..9e7f0acabc
--- /dev/null
+++ b/elf/tst-auditlogmod-2.c
@@ -0,0 +1,27 @@ 
+/* Audit module which logs that it was loaded.  Variant 2.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <link.h>
+#include <support/support.h>
+
+unsigned int
+la_version (unsigned int v)
+{
+  write_message ("info: tst-auditlogmod-2.so loaded\n");
+  return LAV_CURRENT;
+}
diff --git a/elf/tst-auditlogmod-3.c b/elf/tst-auditlogmod-3.c
new file mode 100644
index 0000000000..c4c1a58145
--- /dev/null
+++ b/elf/tst-auditlogmod-3.c
@@ -0,0 +1,27 @@ 
+/* Audit module which logs that it was loaded.  Variant 3.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <link.h>
+#include <support/support.h>
+
+unsigned int
+la_version (unsigned int v)
+{
+  write_message ("info: tst-auditlogmod-3.so loaded\n");
+  return LAV_CURRENT;
+}