how to invalidate DYLD_INSERT_LIBRARIES environment variable?

Question

Level 1

0 points

how to invalidate DYLD_INSERT_LIBRARIES environment variable?

I find that in Mountain Lion, DYLD_INSERT_LIBRARIES environment variable is ignored for some applications, like Safari.app, Screen Sharing.app. And after some study, I also know it is probably because that the app is code signed with some special entitlements.

Now I am trying to make this environment variable also ignored for my app. I tried to sign my app with some entitlements but this environment variable is not ignored. I have tried many entitlement keys listed in the apple doc and all failed.

I notice that Safari.app uses entitlement "<key>com.apple.private.accounts.allacounts</key>" and looks like it is apple perpriotary value and it is not listed in the app doc. I have ever tried to sign my app with this entitlement manually but the application cannot run (taskgated killed it).

so my questions is:

1. in order to invalidate DYLD_INSERT_LIBRARIES environment variable for my app, what entitlement key value should I use when signing my app?

2. what is the critetria that Mountain Lion uses to determine whether ignore this enviroment variable or not?

Thanks!

MacBook Pro, OS X Mountain Lion (10.8.2)

Posted on Jan 10, 2013 5:21 PM

Reply

Answer 1

LousyFool

Level 4

2,668 points

Jan 10, 2013 5:26 PM in response to maobeibei2

Is your Mac working okay?

Reply

Answer 2

etresoft

Level 9

56,674 points

Jan 11, 2013 3:58 PM in response to maobeibei2

What are you trying to do? DYLD_INSERT_LIBRARIES has noting to do with entitlements.

Reply

Answer 3

maobeibei2 Author

Level 1

0 points

Jan 11, 2013 4:16 PM in response to etresoft

DYLD_INSERT_LIBRARIES has nothing to do with entitlements. But that DYLD_INSERT_LIBRARIES is ignored does have something to do with entitlements. Look at the function pruneEnvironmentVariables(...) in dyld.cpp which is quoted as below:

static void pruneEnvironmentVariables(const char* envp[], const char*** applep)

{

// delete all DYLD_* and LD_LIBRARY_PATH environment variables

int removedCount = 0;

const char** d = envp;

for(const char** s = envp; *s != NULL; s++) {

if ( (strncmp(*s, "DYLD_", 5) != 0) && (strncmp(*s, "LD_LIBRARY_PATH=", 16) != 0) ) {

*d++ = *s;

}

else {

++removedCount;

}

*d++ = NULL;

if ( removedCount != 0 ) {

dyld::log("dyld: DYLD_ environment variables being ignored because ");

switch (sRestrictedReason) {

case restrictedNot:

break;

case restrictedBySetGUid:

dyld::log("main executable (%s) is setuid or setgid\n", sExecPath);

break;

case restrictedBySegment:

dyld::log("main executable (%s) has __RESTRICT/__restrict section\n", sExecPath);

break;

case restrictedByEntitlements:

dyld::log("main executable (%s) is code signed with entitlements\n", sExecPath);

break;

}

Reply

Answer 4

etresoft

Level 9

56,674 points

Jan 11, 2013 5:26 PM in response to maobeibei2

I stand corrected. How interesting. Are you sure it is the entitlements that are triggering that? See this Technote and turn on your DYLD logging to make sure.

Reply