1 Reply Latest reply: May 9, 2007 3:31 PM by 576804 RSS

    Security Update 2007-004 and DYLD_LIBRARY_PATH

    439480
      Since installing the latest security update from Apple (2007-004), DYLD_LIBRARY_PATH isn't available to my application any more.
      This environment variable is defined in ~/.MacOSX/environment.plist

      The frontend application is developed in 4D using OCI client v 10. But I can't connect to my database any more after installing the update.
      Other variables (ORACLE_HOME etc) which are equally defined in environment.plist are still available, just DYLD_... is missing.
      I have a work around using a shell script or getting back to OCI v 8, but I don' like that for end user installations.

      Is there another solution available?

      TIA
      Koen Van Hooreweghe
      Compass bvba
        • 1. Re: Security Update 2007-004 and DYLD_LIBRARY_PATH
          576804
          Hi,

          we had the same issue that our applications which needs the oracle client did no longer work.
          We opened a bug at Apple and here is the answer from Apple.

          -----------------
          Due to a security exploit we prevent the use of changing the library
          path in environment.plist. Therefore this does not longer work after
          Security update 2007-04.
          There are two workarounds:

          a) setting LSEnvironment in the Info.plist for the app:

          http://developer.apple.com/documentation/MacOSX/Conceptual/BPRuntimeConfig/Articles/PListKeys.html

          or

          b) running sudo touch /var/db/.AllowDYLDEnvironmentVariables
          Note that b) reopens the security hole, which allows users to escalate privileges to root.
          -----------------------

          I tested that LSEnvironment stuff and it works.
          You have to add the following to the Info.plist from your application.

          <key>LSEnvironment</key>
          <dict>
          <key>DYLD_LIBRARY_PATH</key>
          <string>/Applications/Oracle/client_9.2.0.1/lib</string>
          </dict>



          cheers
          Marco