Fakeroot destrooting [Was: Re: lldb ...]
Clemens Lang
cal at macports.org
Sat Sep 10 06:56:54 PDT 2016
Hi,
On Sat, Sep 10, 2016 at 03:45:25PM +0200, René J.V. Bertin wrote:
> But I see quite a few items on there that are unlikely to call other
> applications. If this is only about preserving DYLD_LIBRARY_PRELOAD,
> why do you need to treat utilities like cat or rm?
cat and rm deal with files, consequently trace mode needs its code to be
injected into them (as would fakeroot). Not copying them would mean
their unmodified copies run without the "sandbox" enabled, since
DYLD_INSERT_LIBRARIES wouldn't have any effect on them.
> And what happens when you (re)set one of the tainted env. variables in
> a shell or interpreter with the SIP bit set? Is it unset or filtered
> out when you call another executable, even if that exec doesn't have
> the SIP bit set?
It's kept, but how would you do that? You cannot inject code into that
executable, and a port's build system specifies what shell scripts (for
example) get run.
--
Clemens
More information about the macports-dev
mailing list