From 4951d070c11f8da66e6ef5a1add2ab5095492933 Mon Sep 17 00:00:00 2001
From: Eric Traut
Date: Fri, 3 Apr 2026 09:33:27 -0700
Subject: [PATCH 1/3] Strip macOS malloc diagnostic env vars at startup
---
 codex-rs/process-hardening/README.md | 3 +-
 codex-rs/process-hardening/src/lib.rs | 66 +++++++++++++++++++--------
 2 files changed, 48 insertions(+), 21 deletions(-)
diff --git a/codex-rs/process-hardening/README.md b/codex-rs/process-hardening/README.md
index 66a8060afa3..d64d945228c 100644
--- a/codex-rs/process-hardening/README.md
+++ b/codex-rs/process-hardening/README.md
@@ -4,4 +4,5 @@ This crate provides `pre_main_hardening()`, which is designed to be called pre-`
 - disabling core dumps
 - disabling ptrace attach on Linux and macOS
-- removing dangerous environment variables such as `LD_PRELOAD` and `DYLD_*`
+- removing dangerous or noisy environment variables such as `LD_PRELOAD`,
+ `DYLD_*`, and macOS malloc stack-logging controls
diff --git a/codex-rs/process-hardening/src/lib.rs b/codex-rs/process-hardening/src/lib.rs
index fb6145f1763..e5626857667 100644
--- a/codex-rs/process-hardening/src/lib.rs
+++ b/codex-rs/process-hardening/src/lib.rs
@@ -8,7 +8,8 @@ use std::os::unix::ffi::OsStrExt;
 /// various process hardening steps, such as
 /// - disabling core dumps
 /// - disabling ptrace attach on Linux and macOS.
-/// - removing dangerous environment variables such as LD_PRELOAD and DYLD_*
+/// - removing dangerous or noisy environment variables such as LD_PRELOAD,
+/// DYLD_*, and macOS malloc stack-logging controls
 pub fn pre_main_hardening() {
 #[cfg(any(target_os = "linux", target_os = "android"))]
 pre_main_hardening_linux();
@@ -57,13 +58,7 @@ pub(crate) fn pre_main_hardening_linux() {
 // Official Codex releases are MUSL-linked, which means that variables such
 // as LD_PRELOAD are ignored anyway, but just to be sure, clear them here.
- let ld_keys = env_keys_with_prefix(std::env::vars_os(), b"LD_");
-
- for key in ld_keys {
- unsafe {
- std::env::remove_var(key);
- }
- }
+ remove_env_vars_with_prefix(b"LD_");
 }
 #[cfg(any(target_os = "freebsd", target_os = "openbsd"))]
@@ -71,12 +66,7 @@ pub(crate) fn pre_main_hardening_bsd() {
 // FreeBSD/OpenBSD: set RLIMIT_CORE to 0 and clear LD_* env vars
 set_core_file_size_limit_to_zero();
- let ld_keys = env_keys_with_prefix(std::env::vars_os(), b"LD_");
- for key in ld_keys {
- unsafe {
- std::env::remove_var(key);
- }
- }
+ remove_env_vars_with_prefix(b"LD_");
 }
 #[cfg(target_os = "macos")]
@@ -96,13 +86,12 @@ pub(crate) fn pre_main_hardening_macos() {
 // Remove all DYLD_ environment variables, which can be used to subvert
 // library loading.
- let dyld_keys = env_keys_with_prefix(std::env::vars_os(), b"DYLD_");
+ remove_env_vars_with_prefix(b"DYLD_");
- for key in dyld_keys {
- unsafe {
- std::env::remove_var(key);
- }
- }
+ // Remove macOS malloc stack-logging controls so allocator diagnostics from
+ // Codex or inherited child processes do not get sprayed into the TUI.
+ remove_env_vars_with_prefix(b"MallocStackLogging");
+ remove_env_vars_with_prefix(b"MallocLogFile");
 }
 #[cfg(unix)]
@@ -127,6 +116,15 @@ pub(crate) fn pre_main_hardening_windows() {
 // TODO(mbolin): Perform the appropriate configuration for Windows.
 }
+#[cfg(unix)]
+fn remove_env_vars_with_prefix(prefix: &[u8]) {
+ for key in env_keys_with_prefix(std::env::vars_os(), prefix) {
+ unsafe {
+ std::env::remove_var(key);
+ }
+ }
+}
+
 #[cfg(unix)]
 fn env_keys_with_prefix(vars: I, prefix: &[u8]) -> Vec
 where
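Review bot: The comment above `remove_env_vars_with_prefix(b"MallocStackLogging")` reads as if a single variable were removed, but the call is a prefix match, so it also strips `MallocStackLoggingNoCompact` and anything else whose name starts that way; the one test that pins this family behaviour is deleted again in PATCH 2/3 of this series, so this comment becomes the only record of the intent. Suggest extending it with `// Prefix match on purpose: also covers MallocStackLoggingNoCompact and other MallocStackLogging* controls; other Malloc* knobs such as MallocNanoZone are deliberately left alone.` so a later reader neither narrows it to an exact match nor widens it to every `Malloc*` variable. `pre_main_hardening_macos` starts outside the hunk.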
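Review bot: The new `remove_env_vars_with_prefix` wraps `std::env::remove_var` in an `unsafe` block with no `// SAFETY:` comment and carries no doc comment, even though it now centralises every environment mutation in the crate. The soundness argument rests on a caller precondition that is only stated in the README hunk of this series — `pre_main_hardening()` is meant to run before `main` and before any other thread exists — so that precondition belongs on the helper itself. Suggest `/// Remove every environment variable whose name starts with prefix. Must only be called while the process is still single-threaded.` on the fn and `// SAFETY: only reached from pre_main_hardening(), before main and before any other thread could read the environment concurrently.` on the unsafe block.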
@@ -187,4 +185,32 @@ mod tests {
 assert_eq!(keys.len(), 1);
 assert_eq!(keys[0].as_os_str(), ld_test_var);
 }
+
+ #[test]
+ fn env_keys_with_prefix_matches_malloc_stack_logging_variants() {
+ let vars = vec![
+ (OsString::from("MallocStackLogging"), OsString::from("1")),
+ (
+ OsString::from("MallocStackLoggingNoCompact"),
+ OsString::from("1"),
+ ),
+ (
+ OsString::from("MallocLogFile"),
+ OsString::from("/tmp/malloc.log"),
+ ),
+ (OsString::from("MallocNanoZone"), OsString::from("0")),
+ ];
+
+ let stack_logging_keys = env_keys_with_prefix(vars.clone(), b"MallocStackLogging");
+ assert_eq!(
+ stack_logging_keys,
+ vec![
+ OsString::from("MallocStackLogging"),
+ OsString::from("MallocStackLoggingNoCompact"),
+ ]
+ );
+
+ let log_file_keys = env_keys_with_prefix(vars, b"MallocLogFile");
+ assert_eq!(log_file_keys, vec![OsString::from("MallocLogFile")]);
+ }
 }
From d0a9efd47e7d929e666cb5e89926a096bf0ff4db Mon Sep 17 00:00:00 2001
From: Eric Traut
Date: Fri, 3 Apr 2026 09:38:11 -0700
Subject: [PATCH 2/3] codex: remove low-value malloc env test
---
 codex-rs/process-hardening/src/lib.rs | 28 ---------------------------
 1 file changed, 28 deletions(-)
diff --git a/codex-rs/process-hardening/src/lib.rs b/codex-rs/process-hardening/src/lib.rs
index e5626857667..75b68ca0fa7 100644
--- a/codex-rs/process-hardening/src/lib.rs
+++ b/codex-rs/process-hardening/src/lib.rs
@@ -185,32 +185,4 @@ mod tests {
 assert_eq!(keys.len(), 1);
 assert_eq!(keys[0].as_os_str(), ld_test_var);
 }
-
- #[test]
- fn env_keys_with_prefix_matches_malloc_stack_logging_variants() {
- let vars = vec![
- (OsString::from("MallocStackLogging"), OsString::from("1")),
- (
- OsString::from("MallocStackLoggingNoCompact"),
- OsString::from("1"),
- ),
- (
- OsString::from("MallocLogFile"),
- OsString::from("/tmp/malloc.log"),
- ),
- (OsString::from("MallocNanoZone"), OsString::from("0")),
- ];
-
- let stack_logging_keys = env_keys_with_prefix(vars.clone(), b"MallocStackLogging");
- assert_eq!(
- stack_logging_keys,
- vec![
- OsString::from("MallocStackLogging"),
- OsString::from("MallocStackLoggingNoCompact"),
- ]
- );
-
- let log_file_keys = env_keys_with_prefix(vars, b"MallocLogFile");
- assert_eq!(log_file_keys, vec![OsString::from("MallocLogFile")]);
- }
 }
From 2e226248b91011a4ae39921f26979d9973516325 Mon Sep 17 00:00:00 2001
From: Eric Traut
Date: Fri, 3 Apr 2026 10:58:07 -0700
Subject: [PATCH 3/3] codex: address PR review feedback (#16699)
---
 codex-rs/process-hardening/src/lib.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/codex-rs/process-hardening/src/lib.rs b/codex-rs/process-hardening/src/lib.rs
index 75b68ca0fa7..1c206aae875 100644
--- a/codex-rs/process-hardening/src/lib.rs
+++ b/codex-rs/process-hardening/src/lib.rs
@@ -89,7 +89,8 @@ pub(crate) fn pre_main_hardening_macos() {
 remove_env_vars_with_prefix(b"DYLD_");
 // Remove macOS malloc stack-logging controls so allocator diagnostics from
- // Codex or inherited child processes do not get sprayed into the TUI.
+ // Codex or inherited child processes do not get sprayed into the TUI:
+ // https://github.com/openai/codex/issues/11555
 remove_env_vars_with_prefix(b"MallocStackLogging");
 remove_env_vars_with_prefix(b"MallocLogFile");
 }