tbadll

Q: Environment variables affecting multiple users in Sierra

Greetings,

I am developing a tool with launchd and bash which works this way:

 

First, on boot:

1. A LaunchDaemon runs a script upon boot

2. The script sets an environment variable via launchctl for a specific user

3. The environment variable is used by a daemon in my application suite which is configured to run as this user.

Then, on login:

1. A similar LaunchAgent runs a similar script upon login

2. The script sets the same environment variable via launchctl, but for the logged-in user

3. The environment variable is used by the graphic application in my application suite when it is launched.

This environment variable tells the daemon/application to use a folder in the user's home directory as their working directory. Hence, it's crucial that these environment variables are set on a strictly per-session basis, so that the application suite only tries to read/write in the user's home directory.

This worked on OS X 10.11 El Capitan without issue.

On OS X 10.12 Sierra, the system crumbles. Why? When the LaunchAgent is started, the environment variable it sets propagates into the LaunchDaemon user's environment. Then, the daemon picks up on it and attempts to read and write into the newly logged in user's home directory, instead of the daemon user's directory, then gets denied access and logs errors.

It seems that, as far as non-graphic sessions are concerned, environment variables belong to all users who are not root. For example, if I log in to User 1's account in a regular graphic session, set an environment variable, then switch to a graphic session as User 2 (with or without logging out first) and try to get that environment variable, I'll get nothing. However, if I log in to my User 1 in a regular graphic session, launch a Terminal, set an environment variable, then switch to a User 2 in that terminal using su, and try to get that environment variable, I will get the value set by User 1. Same thing for daemons: If a daemon is launched as User 1, and User 2 who is logged in to a graphic user session sets an environment variable, that daemon will have access to the value set by User 1. So far, all the tests I've done seem to indicate that this is a global problem and that it is new since Mac OS Sierra.

What I am asking is: Why is this happening? Is this a bug? Is this known? Is there a known workaround? Is this not a security concern of sorts?

 

Note that, throughout my post, I am always talking about environment variables set and obtained via launchctl.

Thank you.

iMac, macOS Sierra (10.12)

Posted on Oct 5, 2016 12:14 PM
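
An added example, not part of the original post or the poster's tool: a bash check a daemon could run before trusting a working directory taken from the environment, so that a value set by another user's session is rejected rather than used. The variable name `MYSUITE_WORKDIR` and the function names are hypothetical; the post does not name its variable.

```shell
#!/usr/bin/env bash
# Added example: validate an environment-supplied working directory.
# MYSUITE_WORKDIR is a hypothetical name; the post does not name its variable.

# Print the canonical (symlink-free) form of a directory, or fail.
canonical_dir() {
    ( cd -P -- "$1" 2>/dev/null && pwd -P )
}

# safe_workdir CANDIDATE HOME
# Prints the canonical candidate only if it exists, resolves to a path
# strictly inside HOME, and is owned by the effective user of this process.
safe_workdir() {
    local candidate="$1" home="$2" real_home real_dir
    [ -n "$candidate" ] || return 1
    real_home=$(canonical_dir "$home") || return 1
    real_dir=$(canonical_dir "$candidate") || return 1
    # Trailing slash in the comparison: /Users/svc must not match /Users/svc2.
    case "$real_dir/" in
        "$real_home"/?*) ;;
        *) return 1 ;;
    esac
    # -O is true only when the directory is owned by our effective UID.
    [ -O "$real_dir" ] || return 1
    printf '%s\n' "$real_dir"
}

# choose_workdir HOME FALLBACK_SUBDIR
# Uses MYSUITE_WORKDIR when it passes the check; otherwise falls back to a
# directory derived from this process's own home, ignoring the variable.
choose_workdir() {
    local home="$1" fallback="$2" dir
    if dir=$(safe_workdir "${MYSUITE_WORKDIR:-}" "$home"); then
        printf '%s\n' "$dir"
    else
        mkdir -p "$home/$fallback" && canonical_dir "$home/$fallback"
    fi
}
```

The caller passes the home directory of the account the daemon runs as, looked up from the account database rather than from the environment.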