On Mon, Dec 21, 2015 at 11:24:52AM +0000, Burton, Ross wrote: > Well with El Capitan's improved security apparently crippling > LD_PRELOAD (so I hear, unverified currently), Pseudo won't work, which > means an alternative will need to be researched and implemented.
El Capitan has "System Integrity Protection", which is a flag on certain files that now no longer can be changed, even with root privileges. Pretty much all binaries in /usr/bin and /bin have this flag set, so it does affect common things like the shell and compilers. The kernel strips any variables affecting the loader (including DYLD_INSERT_LIBRARIES, OS X' equivalent to LD_PRELOAD) when executables with the SIP flag are started. So yes, this effectively kills library preloading on OS X for anything but your own binaries. I implemented a workaround in MacPorts, where we also use library preloading for sanity checks that works by copying affected executables (thus stripping the flag) and then running the copy instead. Of course, this requires hooking execve(2) and posix_spawn(2), which I don't think pseudo does at the moment. The commit doing most of the grunt work is at http://trac.macports.org/changeset/141420 if somebody wants to give this a shot. HTH, Clemens -- Clemens Lang • Development Specialist BMW Car IT GmbH • Lise-Meitner-Str. 14 • 89081 Ulm • http://bmw-carit.com ------------------------------------------------------------------------- BMW Car IT GmbH Geschäftsführer: Michael Würtenberger und Reinhard Stolle Sitz und Registergericht: München HRB 134810 ------------------------------------------------------------------------- -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto