From cf769c11b99abf71df6bf9528c8bf9956c7e18e0 Mon Sep 17 00:00:00 2001
From: "Jay Freeman (saurik)" <saurik@saurik.com>
Date: Fri, 3 Jul 2015 13:37:03 -0700
Subject: Restrict DYLD_ launchd injection in cydo's parent.

---
 cydo.cpp | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'cydo.cpp')

diff --git a/cydo.cpp b/cydo.cpp
index 6fcde15..6d33f94 100644
--- a/cydo.cpp
+++ b/cydo.cpp
@@ -68,6 +68,19 @@ int main(int argc, char *argv[]) {
         if (pid != parent)
             return;
 
+        auto variables(launch_data_dict_lookup(value, LAUNCH_JOBKEY_ENVIRONMENTVARIABLES));
+        if (variables != NULL && launch_data_get_type(variables) == LAUNCH_DATA_DICTIONARY) {
+            bool dyld(false);
+
+            launch_data_dict_iterate(variables, [&dyld](const char *name, launch_data_t value) {
+                if (strncmp(name, "DYLD_", 5) == 0)
+                    dyld = true;
+            });
+
+            if (dyld)
+                return;
+        }
+
         auto string(launch_data_dict_lookup(value, LAUNCH_JOBKEY_PROGRAM));
         if (string == NULL || launch_data_get_type(string) != LAUNCH_DATA_STRING) {
             auto array(launch_data_dict_lookup(value, LAUNCH_JOBKEY_PROGRAMARGUMENTS));
-- 
cgit v1.2.3