dyld: DYLD_ environment variables being ignored because main executable (/usr/bin/sudo) is setuid or setgid

Richard L. Hamilton rlhamil at smart.net
Fri May 17 16:52:08 PDT 2013


Sounds to me like something (.profile, .bash_profile, .login, .bashrc, .cshrc, etc?) is setting those DYLD environment variables under the one account, but not under the other.  Ignoring them is legitimate.  DYLD checks using issetugid(2) to decide whether to ignore them*.  That's a security issue, since they could otherwise be used to cause the privileged program to do something other than what it was intended to do, and grant its privileges in a way that could be abused.

* For low-level stuff like that, there's a good chance it's open source.  If you google for the error message plus site:opensource.apple.gov
you'll probably find the source code reference.  And googling for the error message without that certainly finds plenty of references to discussion about it.

It's a harmless message, and if there is some legitimate reason for those to be set, you can either ignore it, or find the program that actually needed them set and create a wrapper script that sets them just for it, so they don't have to be set for everything else and generating needless messages (and just possibly causing other problems).  Most of the DYLD_ variables should be for debugging or working around some problem, NOT for use all the time with everything in a session.

As to what changed, no idea.  I'm running Lion (10.7.x), and have never seen those messages, although I knew they existed.  I've played with Mountain Lion a bit under Parallels too, and don't recall seeing it there either.  So I must not have done or installed whatever was setting those.





More information about the macports-users mailing list