On Sat, 2022-01-22 at 08:08 +0900, Dominique Martinet wrote: > Note if your goal is to protect yourself from LD_PRELOAD there isn't > much you can do at this level: the preload library just has to hook > over > all kind of exec() functions and they can add themselves back there.
Well "protect" not so much from a security PoV, but more in terms of accidentally set env vars. LD_PRELOAD was perhaps a bad example... POSIXLY_CORRECT is maybe a better one,... if set it alters the behaviour of some GNU stuff, that a script may want to protect itself from. Of course, one could easily just unset that single one, but depending on what one executes in a script there may be gazillion more env vars, that the executed stuff may use somehow. Cheers, Chris.
