Hi,

On Sat, Sep 10, 2016 at 09:14:16AM -0700, Jeremy Huddleston Sequoia wrote:
> No, the DYLD_INSERT_LIBRARIES approach is the right one here.
> Interested users would need to disable SIP.

"Interested users" would be everybody who uses MacPorts. I'd vote against telling all our users to disable SIP. It's a useful security/safety feature and it even helps us because users can no longer mess up their /usr/bin.

I don't see why the kernel, dyld, or whoever strips the flags could not just behave like running a copy of the binary at hand when it sees a DYLD variable, i.e. do the workaround we're doing manually at the moment.

> It would be nice if a mechanism were in place to determine trust of
> certain libraries in DYLD_INSERT_LIBRARIES.

So you're suggesting DYLD_INSERT_LIBRARIES on SIP-protected binaries should only work if the inserted library is signed? How would that improve anything? Are you suggesting every open source project out there that uses library preloading now pays for a certificate and regularly builds and releases binaries for macOS? Frankly, I don't see that happening.

> Please file radars and point me to them, so I can make sure they get
> routed to the right place (likely as dupes, but dupes are very useful
> "votes" for bugs).

Those tickets have been filed when SIP was introduced and DYLD_INSERT_LIBRARIES stopped working. Evidently, it wasn't important enough to get fixed, so you'll forgive me if I have better things to do with my time.

-- 
Clemens