Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mb9m6-0002N2-CA for pgsql-hackers@arkaria.postgresql.org; Thu, 14 Oct 2021 23:04:34 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1mb9m5-0002oP-9t for pgsql-hackers@arkaria.postgresql.org; Thu, 14 Oct 2021 23:04:33 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mb9m5-0002nn-1f for pgsql-hackers@lists.postgresql.org; Thu, 14 Oct 2021 23:04:33 +0000 Received: from sss.pgh.pa.us ([66.207.139.130]) by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mb9m3-00088p-2v for pgsql-hackers@postgresql.org; Thu, 14 Oct 2021 23:04:32 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 19EN4RnG909290; Thu, 14 Oct 2021 19:04:27 -0400 From: Tom Lane To: Thomas Munro cc: Andres Freund , John Naylor , pgsql-hackers Subject: Re: [RFC] building postgres with meson In-reply-to: <908066.1634251206@sss.pgh.pa.us> References: <20211012083721.hvixq4pnh2pixr3j@alap3.anarazel.de> <20211012205945.tkr6nam4ej2swram@alap3.anarazel.de> <20211013163721.oqwvztktwsym3iu4@alap3.anarazel.de> <20211013174246.zgp2sxdqsulhepea@alap3.anarazel.de> <906095.1634248849@sss.pgh.pa.us> <908066.1634251206@sss.pgh.pa.us> Comments: In-reply-to Tom Lane message dated "Thu, 14 Oct 2021 18:40:06 -0400" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <909288.1634252667.1@sss.pgh.pa.us> Date: Thu, 14 Oct 2021 19:04:27 -0400 Message-ID: <909289.1634252667@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk I wrote: > I recall that we figured out awhile ago that the environment gets trimmed > when make (or whatever) executes some command via the shell; seemingly, > Apple has decided that /bin/sh is a security-critical program that mustn't > be run with a non-default DYLD_LIBRARY_PATH. Dunno if that helps you > find where the damage is done exactly. BTW, here's the evidence for this theory: [tgl@pro ~]$ cat checkenv.c #include #include int main(int argc, char **argv) { char *pth = getenv("DYLD_LIBRARY_PATH"); if (pth) printf("DYLD_LIBRARY_PATH = %s\n", pth); else printf("DYLD_LIBRARY_PATH is unset\n"); return 0; } [tgl@pro ~]$ gcc checkenv.c [tgl@pro ~]$ ./a.out DYLD_LIBRARY_PATH is unset [tgl@pro ~]$ export DYLD_LIBRARY_PATH=/Users/tgl/pginstall/lib [tgl@pro ~]$ ./a.out DYLD_LIBRARY_PATH = /Users/tgl/pginstall/lib [tgl@pro ~]$ sh -c ./a.out DYLD_LIBRARY_PATH is unset [tgl@pro ~]$ ./a.out DYLD_LIBRARY_PATH = /Users/tgl/pginstall/lib [tgl@pro ~]$ bash -c ./a.out DYLD_LIBRARY_PATH is unset You have to check the environment using an "unprivileged" program. If you try to examine the environment using, say, "env", you will get very misleading results. AFAICT, /usr/bin/env is *also* considered security-critical, because I cannot get it to ever report that DYLD_LIBRARY_PATH is set. Hmm ... /usr/bin/perl seems to act the same way. It can see ENV{'PATH'} but not ENV{'DYLD_LIBRARY_PATH'}. This may indicate that they've applied this policy on a blanket basis to everything in /bin and /usr/bin (and other system directories, maybe), rather than singling out the shell. regards, tom lane