[suse-security] ldconfig binding order correct ?

Hi SuSE security community,

ldconfig / ld.so  seems to include /usr/local/lib first and before /usr/lib.

Is this the right order to load libraries ?

Due some installation (self compiled version + suse-package) of nessus
I found this "strange behavoir". /usr/sbin/nessusd started with the
"self compiled" /usr/local/lib/* files.

I expected this order only with a set LD_LIBRARY_PATH.

May be it's define to take the pathes of /etc/ld.so.conf first.

Does somebody an official definition of the "ld.so.conf" order ?

Best regards,


PS: It's not a security problem until somebody is able to write a modified
    library to /usr/local/lib which is taken earlier than the /usr/lib/...

