csrutil binary is not marked as restricted, uses DYLD_LIBRARY_PATH overrides
| Originator: | owen.pragel | | |
| Number: | rdar://29348862 | Date Originated: | 20-Nov-2016 |
| Status: | Open | Resolved: | |
| Product: | macOS | Product Version: | 16B2659 |
| Classification: | Security | Reproducible: | Always |
Summary:
csrutil is not marked as restricted to the dynamic linker, and will use DYLD_LIBRARY_PATH overrides if defined.

Steps to Reproduce:
1. Define DYLD_LIBRARY_PATH in environment variables, for example, one that includes /opt/local/lib.
2. As an example, libJPEG.dylib is included under /opt/local/lib.
3. Run csrutil status, and receive an error if the third-party libJPEG.dylib isn't compatible.

$ csrutil status
dyld: Symbol not found: __cg_jpeg_resync_to_restart
  Referenced from: /System/Library/Frameworks/ImageIO.framework/Versions/A/ImageIO
  Expected in: /opt/local/lib//libJPEG.dylib
 in /System/Library/Frameworks/ImageIO.framework/Versions/A/ImageIO
Abort trap: 6 (core dumped)

Expected Results:
$ csrutil status
csrutil is restricted, and uses the right dylib. Then produces SIP status.

Actual Results:
$ csrutil status
dyld: Symbol not found: __cg_jpeg_resync_to_restart
  Referenced from: /System/Library/Frameworks/ImageIO.framework/Versions/A/ImageIO
  Expected in: /opt/local/lib//libJPEG.dylib
 in /System/Library/Frameworks/ImageIO.framework/Versions/A/ImageIO
Abort trap: 6 (core dumped)

Version:
16B2659

Notes:

Configuration:
DYLD_LIBRARY_PATH is defined, third party libJPEG.dylib exists under DYLD_LIBRARY_PATH.

Attachments: