[petsc-dev] Mac OS X El Capitan does not propagate DYLD_LIBRARY_PATH from parent process

Barry Smith bsmith at mcs.anl.gov
Wed Oct 7 16:45:36 CDT 2015


> On Oct 7, 2015, at 4:12 PM, Jed Brown <jed at jedbrown.org> wrote:
> 
> "Andrs, David" <david.andrs at inl.gov> writes:
>> If we are trying to build PETSc (and I do not know how you guys are testing
>> that the complier works), it fails, because the build system no longer sees
>> the environment variable, because El Capitan removes that from the
>> environment of the child processes.
> 
> Well, it's removing DYLD_LIBRARY_PATH from the environment of child
> processes that it perceives as "scripts", but not from the environment
> of normal programs (like clang, Satish's example C program, etc.).  This
> seems like a comically ill-conceived idea that offers no practical
> security benefit, but I'd like to understand the intended semantics so
> that we can give clean instructions for working around it.

  I am putting my earplugs in so Jed's yelling won't deafen me.  It doesn't have anything to do with "scripts" or "normal programs", it depends on if they are "core"  "stuff" that Apple provides.

https://developer.apple.com/library/prerelease/mac/documentation/Security/Conceptual/System_Integrity_Protection_Guide/RuntimeProtections/RuntimeProtections.html#//apple_ref/doc/uid/TP40016462-CH3-SW1

  You can turn off all this extra protection stuff https://developer.apple.com/library/prerelease/mac/documentation/Security/Conceptual/System_Integrity_Protection_Guide/ConfiguringSystemIntegrityProtection/ConfiguringSystemIntegrityProtection.html#//apple_ref/doc/uid/TP40016462-CH5-SW1

Presumably you could also install the latest python download (not from Apple) and it won't have this "protection".

  Barry







More information about the petsc-dev mailing list