The caller has no good way to determine the size of the buffer, so this is inherently dangerous: case RTLD_DI_ORIGIN: strcpy (args->arg, l->l_origin); break; We should define a new constant and deprecate the old one. The new operation should probably use strdup instead of strcpy.
A potential replacement interface has been discussed upstream here: https://sourceware.org/pipermail/libc-alpha/2024-August/159072.html The tool authors that I've talked to have not expressed a strong preference for any of the proposed alternatives. However, they are very interested in not having buffer overflows in their code and would love to move to secure interface to the same information.