Robert Haas <robertmh...@gmail.com> writes: > ... it turns out that System Integrity Protection > feature *also* prevents DYLD_LIBRARY_PATH from being inherited by > child processes in some manner.
Yeah, this was already known and documented on the lists a year or two back. I suggest filing a bug report with Apple; if enough people bitch about it, maybe they'll rethink. (I don't have much hope for that, mind you, but they certainly won't change this without a boatload of complaints.) https://www.postgresql.org/message-id/26098.1446697...@sss.pgh.pa.us > My main purpose in writing this email is to pass along what I learned > in the hopes of sparing somebody else some trouble, but perhaps there > is a way to modify our regression test setup so that the tests can > pass with System Integrity Protection enabled. Not really. If you want it to take libpq.dylib from the build tree, rather than some already-installed location, there is no other option but DYLD_LIBRARY_PATH. The really annoying thing is that there's no particular security advantage to be gained by not passing it through bash invocations. If they're not resetting PATH in such cases, which they aren't, where the heck is the incremental gain from resetting DYLD_LIBRARY_PATH? A bad guy in control of the process environment has already won. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers