[yocto] building on os x
Clemens Lang
clemens.lang at bmw-carit.de
Mon Jan 4 00:58:21 PST 2016
On Mon, Dec 21, 2015 at 11:24:52AM +0000, Burton, Ross wrote:
> Well with El Capitan's improved security apparently crippling
> LD_PRELOAD (so I hear, unverified currently), Pseudo won't work, which
> means an alternative will need to be researched and implemented.
El Capitan has "System Integrity Protection", which is a flag on certain
files that now no longer can be changed, even with root privileges.
Pretty much all binaries in /usr/bin and /bin have this flag set, so it
does affect common things like the shell and compilers. The kernel
strips any variables affecting the loader (including
DYLD_INSERT_LIBRARIES, OS X' equivalent to LD_PRELOAD) when executables
with the SIP flag are started. So yes, this effectively kills library
preloading on OS X for anything but your own binaries.
I implemented a workaround in MacPorts, where we also use library
preloading for sanity checks that works by copying affected executables
(thus stripping the flag) and then running the copy instead. Of course,
this requires hooking execve(2) and posix_spawn(2), which I don't think
pseudo does at the moment.
The commit doing most of the grunt work is at
http://trac.macports.org/changeset/141420
if somebody wants to give this a shot.
HTH,
Clemens
--
Clemens Lang • Development Specialist
BMW Car IT GmbH • Lise-Meitner-Str. 14 • 89081 Ulm • http://bmw-carit.com
-------------------------------------------------------------------------
BMW Car IT GmbH
Geschäftsführer: Michael Würtenberger und Reinhard Stolle
Sitz und Registergericht: München HRB 134810
-------------------------------------------------------------------------
More information about the yocto
mailing list