by _jsn
4108 days ago
There are some mitigations for this already built in. "Sensitive" processes are disallowed from linking libraries relative to @rpath and friends. Excerpt from dyld.cpp:

    else if (sProcessIsRestricted && (path[0] != '/' )) {
        throwf("unsafe use of relative rpath %s in %s with restricted binary", path, context.origin);
    }

A cursory glance suggests that sProcessIsRestricted is true for setuid binaries and processes with restricted entitlements. Which makes sense: these would otherwise be privilege escalation vectors.
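
An audit-side view of the check quoted in the comment above, as an added example that is not part of the comment or of dyld: it lists a binary's LC_RPATH entries from `otool -l` text and flags those the visible condition (`path[0] != '/'`) would reject in a restricted process. The sample output is constructed, the function names are hypothetical, and only the condition shown in the excerpt is applied, not any dyld branch that precedes it.

```python
import re

# Constructed sample of `otool -l` output (not taken from a real binary).
SAMPLE_OTOOL = """\
Load command 12
          cmd LC_LOAD_DYLIB
      cmdsize 56
         name @rpath/libfoo.dylib (offset 24)
Load command 13
          cmd LC_RPATH
      cmdsize 48
         path @executable_path/../Frameworks (offset 12)
Load command 14
          cmd LC_RPATH
      cmdsize 32
         path /usr/local/lib (offset 12)
Load command 15
          cmd LC_RPATH
      cmdsize 24
         path ../lib (offset 12)
"""

PATH_RE = re.compile(r"^\s*path (.+) \(offset \d+\)\s*$")

def rpaths(otool_output):
    """Return the path of every LC_RPATH load command, in file order."""
    found, in_rpath = [], False
    for line in otool_output.splitlines():
        fields = line.split()
        if fields[:1] == ["cmd"]:
            # A new load command starts; remember whether it is an LC_RPATH.
            in_rpath = fields[1:] == ["LC_RPATH"]
        elif in_rpath:
            m = PATH_RE.match(line)
            if m:
                found.append(m.group(1))
                in_rpath = False
    return found

def rejected_when_restricted(otool_output):
    """Apply the quoted condition (path[0] != '/') to each rpath entry."""
    return [p for p in rpaths(otool_output) if not p.startswith("/")]

if __name__ == "__main__":
    for p in rejected_when_restricted(SAMPLE_OTOOL):
        print("relative rpath:", p)
```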