Fakeroot destrooting [Was: Re: lldb ...]

Clemens Lang cal at macports.org
Sat Sep 10 09:38:36 PDT 2016


Hi,

On Sat, Sep 10, 2016 at 09:14:16AM -0700, Jeremy Huddleston Sequoia wrote:
> No, the DYLD_INSERT_LIBRARIES approach is the right one here.
> Interested users would need to disable SIP.

"Interested users" would be everybody who uses MacPorts. I'd vote
against telling all our users to disable SIP. It's a useful
security/safety feature and it even helps us because users can no longer
mess up their /usr/bin.

I don't see why the kernel, dyld, or whoever strips the flags could not
just behave like running a copy of the binary at hand when it sees a
DYLD variable, i.e. do the workaround we're doing manually at the
moment.


> It would be nice if a mechanism were in place to determine trust of
> certain libraries in DYLD_INSERT_LIBRARIES.

So you're suggesting DYLD_INSERT_LIBRARIES on SIP-protected binaries
should only work if the inserted library is signed? How would that
improve anything? Are you suggesting every open source project out there
that uses library preloading now pays for a certificate and regularly
builds and releases binaries for macOS? Frankly, I don't see that
happening.


> Please file radars and point me to them, so I can make sure they get
> routed to the right place (likely as dupes, but dupes are very useful
> "votes" for bugs).

Those tickets were filed when SIP was introduced and
DYLD_INSERT_LIBRARIES stopped working. Evidently, it wasn't important
enough to get fixed, so you'll forgive me if I have better things to do
with my time.

-- 
Clemens

