Bash variable of name starting with 'DYLD' is not loaded into environment: bug or feature?

Question

On MacOs, try the following:

export AYLD_VARIABLE=Aa
export BYLD_VARIABLE=Bb
export CYLD_VARIABLE=Cc
export DYLD_VARIABLE=Dd
export EYLD_VARIABLE=Ee
export FYLD_VARIABLE=Ff
env | grep VARIABLE

The variable DYLD_VARIABLE is not displayed among others. It can not be exported. However, it may be set and used:

   DYLD_VARIABLE=DdDd
   echo $DYLD_VARIABLE

It is just not present in env. I know, MacOs uses the acronym 'DYLD' while speaking on some internal files. But this prefix should not be discriminated.

It is not just an academic issue. I failed to do

export DYLD_LIBRARY_PATH=/Users/username/Downloads/instantclient_19_8

which is probably required to install DBD::Oracle for Perl. How to set it up ?

Answer 1

This is a feature of the hardened runtime environment. Several DYLD_* variables can be used to inject malicious libraries into trusted binaries, so those variables are removed when a binary that uses the hardened runtime environment loads (unless it has the com.apple.security.cs.allow-dyld-environment-variables or com.apple.security.get-task-allow entitlement).

I'm not familiar with how DBD::Oracle is set up, but if it depends on setting DYLD_* variables, it seriously needs to be rewritten to avoid that.

For more info, see Apple's developer documentation on the hardened runtime, and the WWDC19 presentation "All About Notarization" (starting at 16:19, or page 75 of the slide deck).