Edit: Whenever the executable is setuid, the loader kills all DYLD_* environment variables. From the source code of dyld.cpp:
    // For security, setuid programs ignore DYLD_* environment variables.
    // Additionally, the DYLD_* enviroment variables are removed
    // from the environment, so that any child processes don't see them.
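[Original answer:] According to this article by Sam Marshall, you can do this by adding a new section named "__RESTRICT" to the binary header, with a section named "__restrict". You can do this in Xcode by adding the following to "Other Linker Flags":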
    -Wl,-sectcreate,__RESTRICT,__restrict,/dev/null
Other possible ways to have DYLD_LIBRARY_PATH ignored are to make the executable setuid or setgid, or to sign it with entitlements. From the source code of dyld.cpp:
    dyld::log("dyld: DYLD_ environment variables being ignored because ");
    switch (sRestrictedReason) {
        case restrictedNot:
            break;
        case restrictedBySetGUid:
            dyld::log("main executable (%s) is setuid or setgid\n", sExecPath);
            break;
        case restrictedBySegment:
            dyld::log("main executable (%s) has __RESTRICT/__restrict section\n", sExecPath);
            break;
        case restrictedByEntitlements:
            dyld::log("main executable (%s) is code signed with entitlements\n", sExecPath);
            break;
    }
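
An added example, not part of the original answer or of dyld: a Python audit helper that reports which of the restriction reasons named in the switch above can be read from the file itself (setuid/setgid mode bits and a `__RESTRICT`,`__restrict` section). It assumes a thin, little-endian 64-bit Mach-O image, does not inspect code-signing entitlements, and the function names and the constructed sample image are hypothetical.

```python
import stat
import struct

MH_MAGIC_64 = 0xFEEDFACF     # thin 64-bit Mach-O, little-endian
LC_SEGMENT_64 = 0x19
HDR, SEG, SECT = 32, 72, 80  # sizeof mach_header_64 / segment_command_64 / section_64

def has_restrict_section(data: bytes) -> bool:
    """True if the image carries a __RESTRICT,__restrict section."""
    if len(data) < HDR or struct.unpack_from("<I", data)[0] != MH_MAGIC_64:
        raise ValueError("not a thin little-endian 64-bit Mach-O")
    ncmds = struct.unpack_from("<I", data, 16)[0]
    off = HDR
    for _ in range(ncmds):
        if off + 8 > len(data):
            raise ValueError("truncated load commands")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > len(data):
            raise ValueError("bad load command size")
        if cmd == LC_SEGMENT_64 and cmdsize >= SEG:
            nsects = struct.unpack_from("<I", data, off + 64)[0]
            if SEG + nsects * SECT > cmdsize:
                raise ValueError("section table overruns its segment command")
            for i in range(nsects):
                s = off + SEG + i * SECT
                sectname = data[s:s + 16].rstrip(b"\0")
                segname = data[s + 16:s + 32].rstrip(b"\0")
                if (segname, sectname) == (b"__RESTRICT", b"__restrict"):
                    return True
        off += cmdsize
    return False

def restricted_reasons(data: bytes, mode: int) -> list:
    """Reasons (named as in the dyld.cpp switch) visible in the file itself."""
    reasons = []
    if mode & (stat.S_ISUID | stat.S_ISGID):
        reasons.append("restrictedBySetGUid")
    if has_restrict_section(data):
        reasons.append("restrictedBySegment")
    return reasons

def build_sample(segname: bytes, sectname: bytes) -> bytes:
    """Constructed test image: header, one LC_SEGMENT_64, one empty section."""
    sect = struct.pack("<16s16sQQ8I", sectname, segname, 0, 0, *([0] * 8))
    seg = struct.pack("<II16s4Q4I", LC_SEGMENT_64, SEG + SECT, segname,
                      0, 0, 0, 0, 0, 0, 1, 0)
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 1, SEG + SECT, 0, 0)
    return hdr + seg + sect
```

For a file on disk, pass its bytes together with `os.stat(path).st_mode`.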