sys-apps/sandbox: Stop sandbox-2.11 from ignoring LD_LIBRARY_PATH #5794

Closed


@Peter-Levine Peter-Levine commented Sep 26, 2017

Bug: https://bugs.gentoo.org/580726
Package-Manager: Portage-2.3.6, Repoman-2.3.2

Sandbox commit 55087abd8dc9802cf68cade776fe612a3f19f6a1 is for the purpose of preventing a loop or deadlock caused by a package implementing its own libc memory allocation functions, which themselves may call on sandbox-wrapped system calls, whose implementation depends on further calls to such memory functions. If any binaries export such symbols, sandbox assumes the worst and prevents loading of libsandbox.so and instead opts for ptrace.

In preventing the loading of libsandbox, it removes all variables whose env_pair.name field matches the name of an environment variable from the environment, for all env_pairs of vars[] in char **sb_check_envp(char **envp, size_t *mod_cnt, bool insert) in "libsandbox/libsandbox.c". This includes not just the usual environment variables prefixed with 'SANDBOX_' but also LD_PRELOAD and LD_LIBRARY_PATH. LD_PRELOAD clearly should be removed. But LD_LIBRARY_PATH would only seem to be trouble if used with LD_PRELOAD. As such it makes sense to me to prevent the removal of LD_LIBRARY_PATH.

Given the fact that the positions of the env_pairs in vars[] are intended to be hard-coded (from libsandbox.c: /* Indices matter -- see init below */), this commit uses the index of the env_pair corresponding to LD_LIBRARY_PATH to prevent its removal.

Tested with www-client/seamonkey-2.49.3.0_p0.
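
The environment scrub described in this pull request, as an added example that is not sandbox's code and not part of the original post: a filter that drops every variable listed in a fixed-order table but can spare LD_LIBRARY_PATH by its index. The names `scrub_names`, `scrub_index`, `scrub_env`, the table contents and the sample environment are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical table modelled on the PR description; NOT the contents of
 * libsandbox.c. Code refers to entries by position, so order matters. */
enum { VAR_LD_PRELOAD, VAR_LD_LIBRARY_PATH, VAR_SANDBOX_ON, VAR_COUNT };
static const char *const scrub_names[VAR_COUNT] = {
    [VAR_LD_PRELOAD]      = "LD_PRELOAD",
    [VAR_LD_LIBRARY_PATH] = "LD_LIBRARY_PATH",
    [VAR_SANDBOX_ON]      = "SANDBOX_ON",
};

/* Constructed sample environment (not from the page). */
static char *sample_env[] = { "PATH=/usr/bin", "LD_PRELOAD=libsandbox.so",
    "LD_LIBRARY_PATH=/opt/app/lib", "SANDBOX_ON=1", "LD_PRELOAD_EXTRA=x", NULL };

/* Index of the table entry named by "NAME=value", or -1. The whole name must
 * match, so LD_PRELOAD_EXTRA=... is not mistaken for LD_PRELOAD. */
static int scrub_index(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t len = eq ? (size_t)(eq - entry) : strlen(entry);
    for (int i = 0; i < VAR_COUNT; i++)
        if (strlen(scrub_names[i]) == len && !strncmp(entry, scrub_names[i], len))
            return i;
    return -1;
}

/* Copy envp without the table's variables. With keep_library_path set,
 * LD_LIBRARY_PATH survives by index. Caller frees the array, not the strings. */
char **scrub_env(char *const envp[], bool keep_library_path, size_t *removed)
{
    size_t n = 0, out = 0;
    while (envp[n])
        n++;
    char **res = calloc(n + 1, sizeof(*res));
    if (!res)
        return NULL;
    *removed = 0;
    for (size_t i = 0; i < n; i++) {
        int idx = scrub_index(envp[i]);
        if (idx < 0 || (keep_library_path && idx == VAR_LD_LIBRARY_PATH))
            res[out++] = envp[i];
        else
            (*removed)++;
    }
    return res;
}
```

Because the exemption is keyed to a table position rather than to the variable name, reordering the table without updating the index would silently change which variable is spared.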

@gentoo-repo-qa-bot added the "assigned" label (PR successfully assigned to the package maintainer(s)) Sep 26, 2017
@gentoo-repo-qa-bot
Collaborator

Pull Request assignment

Areas affected: ebuilds
Packages affected: sys-apps/sandbox

sys-apps/sandbox: @gentoo/sandbox

@mgorny
Member

mgorny commented Sep 26, 2017

Please send a patch to sandbox@g.o. We have retaken the project and we're not going to be adding more local patches.

@mgorny mgorny closed this Sep 26, 2017
@Peter-Levine Peter-Levine deleted the bug-580726 branch September 26, 2017 05:47