我有一个Mac应用程序,该应用程序主要使用Xcode构建,该应用程序使用通过Lazarus通过Free Pascal构建的动态库(dylib)。当我打开Apple的“ Hardened Runtime”功能时,dylib停止工作,直到我选中了“ Allow DYLD Environment Variables”选项。这被描述为“允许应用程序受到DYLD环境变量的影响,该变量可用于将代码注入到流程中。”该代码注入位听起来像我想避免的事情。知道为什么会发生这种情况或对此我能做什么吗?
要回答评论中提出的一些问题:
我不确定到底是什么失败了,因为我没有写过dylib。它可能一直在尝试通过Internet与服务器通信。我现在所知道的是,它返回了意外且无用的错误代码。
该应用程序使用dlopen和dlsym调用dylib中的函数。 dylib位于应用程序的Contents / Frameworks子目录中。该应用程序未在Info.plist或代码中设置任何环境变量。
dylib的 otool -L
输出:
@rpath/lib<redacted>.dylib (compatibility version 0.0.0, current version 0.0.0)
/System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa (compatibility version 1.0.0, current version 22.0.0)
/usr/lib/libiconv.2.dylib (compatibility version 7.0.0, current version 7.0.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1226.10.1)
/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 1258.1.0)
/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation (compatibility version 300.0.0, current version 1259.0.0)
/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit (compatibility version 45.0.0, current version 1404.47.0)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices (compatibility version 1.0.0, current version 48.0.0)
/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices (compatibility version 1.0.0, current version 728.13.0)
/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
主要执行程序的 otool -L
输出:
/System/Library/Frameworks/Security.framework/Versions/A/Security (compatibility version 1.0.0, current version 58286.251.4)
/System/Library/Frameworks/AVFoundation.framework/Versions/A/AVFoundation (compatibility version 1.0.0, current version 2.0.0)
/System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox (compatibility version 1.0.0, current version 492.0.0)
/System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate (compatibility version 1.0.0, current version 4.0.0)
/System/Library/Frameworks/CoreMedia.framework/Versions/A/CoreMedia (compatibility version 1.0.0, current version 1.0.0)
@rpath/Quesa.framework/Versions/A/Quesa (compatibility version 1.6.0, current version 2.0.0)
@executable_path/../Frameworks/Ming.framework/Versions/A/Ming (compatibility version 0.0.0, current version 0.0.0)
@rpath/SBEngineLib4.framework/Versions/A/SBEngineLib4 (compatibility version 1.0.0, current version 1.0.0)
/System/Library/Frameworks/Quartz.framework/Versions/A/Quartz (compatibility version 1.0.0, current version 1.0.0)
/usr/lib/libsqlite3.dylib (compatibility version 9.0.0, current version 274.22.0)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices (compatibility version 1.0.0, current version 50.1.0)
/System/Library/Frameworks/Carbon.framework/Versions/A/Carbon (compatibility version 2.0.0, current version 158.0.0)
/System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa (compatibility version 1.0.0, current version 23.0.0)
/System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook (compatibility version 1.0.0, current version 1893.0.0)
/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration (compatibility version 1.0.0, current version 963.250.1)
/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit (compatibility version 1.0.0, current version 275.0.0)
/System/Library/Frameworks/WebKit.framework/Versions/A/WebKit (compatibility version 1.0.0, current version 607.1.40)
/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation (compatibility version 300.0.0, current version 1570.15.0)
/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
/usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 400.9.4)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1252.250.1)
/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit (compatibility version 45.0.0, current version 1671.40.118)
/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 1570.15.0)
/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices (compatibility version 1.0.0, current version 944.3.0)
/System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo (compatibility version 1.2.0, current version 1.5.0)
/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore (compatibility version 1.2.0, current version 1.11.0)
更新:我在dlopen
处设置了一个断点,发现有问题的dylib试图按名称而不是完整路径打开另一个dylib libiconv.dylib
。事实证明,在没有特殊权利的情况下,在强化运行时中会失败。
答案 0 :(得分:1)
Free Pascal dylib显然仅使用文件名而不使用路径dlopen("libiconv.dylib", ...)
。这取决于dyld
在$LD_LIBRARY_PATH
,$DYLD_LIBRARY_PATH
,当前工作目录和$DYLD_FALLBACK_LIBRARY_PATH
中进行搜索(或者,如果最后一个未定义,则$HOME/lib
,{{1 }}和/usr/local/lib
)。
但是,如果没有“允许DYLD环境变量”授权,/usr/lib
将不会在任何地方搜索强化的运行时进程。只有完整路径可以使用。
必须以某种方式(如果可能的话)更改dylib,或者尽管存在风险(我认为不是特别严重),但您需要启用Allow DYLD环境变量。