From c6793f52b9a636b7df130d22b6e87e846245885d Mon Sep 17 00:00:00 2001
From: David Sherret <dsherret@users.noreply.github.com>
Date: Wed, 28 Aug 2024 21:11:37 -0400
Subject: fix(permissions): disallow any `LD_` or `DYLD_` prefixed env var
 without full --allow-run permissions (#25271)

Follow up to https://github.com/denoland/deno/pull/25221

I looked into what the list was and it was quite extensive, so I think
as suggested in
https://github.com/denoland/deno/issues/11964#issuecomment-2314585135 we
should disallow this for any `LD_` prefixed env var.
---
 tests/unit/os_test.ts | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'tests/unit')

diff --git a/tests/unit/os_test.ts b/tests/unit/os_test.ts
index 42b598511..9503f75d1 100644
--- a/tests/unit/os_test.ts
+++ b/tests/unit/os_test.ts
@@ -239,6 +239,11 @@ Deno.test(
   async function hostnameWithoutOtherNetworkUsages() {
     const { stdout } = await new Deno.Command(Deno.execPath(), {
       args: ["eval", "-p", "Deno.hostname()"],
+      env: {
+        LD_PRELOAD: "",
+        LD_LIBRARY_PATH: "",
+        DYLD_FALLBACK_LIBRARY_PATH: "",
+      },
     }).output();
     const hostname = new TextDecoder().decode(stdout).trim();
     assert(hostname.length > 0);
-- 
cgit v1.2.3