Preloading sandbox breaks ASAN tests in compiler-rt, so I'd like to disable it. However, no matter how hard I try this malware puts itself back in LD_PRELOAD... Please make it stop altering environment when explicitly disabled via SANDBOX_ON=0.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=1b0f7b0d035a10ba172b659abbe425c8523bdb96 commit 1b0f7b0d035a10ba172b659abbe425c8523bdb96 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2018-02-12 18:14:07 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2018-02-12 19:05:27 +0000 Disable environment propagation if sandbox is disabled Do not enforce restoring sandbox variables in the environment if sandbox is explicitly disabled. This makes it possible to set SANDBOX_ON=0 and then unset LD_PRELOAD without having to resort to ugly hacks to prevent sandbox from restoring itself. The only limitation is that if user sets SANDBOX_ON=0 first, then wipes the environment, he will no longer be able to reenable sandbox via doing SANDBOX_ON=1. However, it is rather unlikely that such a thing would need to happen in real use. Bug: https://bugs.gentoo.org/592750 libsandbox/libsandbox.c | 5 +++++ 1 file changed, 5 insertions(+)}
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db22543396bba4574c1be797f502c5d535279174 commit db22543396bba4574c1be797f502c5d535279174 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2018-02-19 15:57:51 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2018-02-19 16:21:36 +0000 sys-apps/sandbox: Bump to 2.13 Closes: https://bugs.gentoo.org/592750 sys-apps/sandbox/Manifest | 1 + sys-apps/sandbox/sandbox-2.13.ebuild | 76 ++++++++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+)