mirror of
https://github.com/openai/codex.git
synced 2026-05-27 14:34:24 +00:00
## Summary

Follow-up to #24459 and partial behavioral revert of `a71fc47` / #16699.

- Stop removing `MallocStackLogging*` and `MallocLogFile*` from macOS pre-main hardening.
- Remove documentation that claims Codex suppresses those allocator diagnostic controls.
- Retain the shared `remove_env_vars_with_prefix` refactor and existing `LD_` / `DYLD_` hardening.

## Why

#24459 fixes the composer-corruption problem at the terminal stderr boundary while preserving redirected stderr. With that guard in place, stripping macOS malloc diagnostic settings is unnecessary and can hide diagnostics intentionally enabled by callers.

## Validation

- `just fmt`
- `just test -p codex-process-hardening`
- `just argument-comment-lint-from-source -p codex-process-hardening`
- `git diff --check`
codex-process-hardening
This crate provides `pre_main_hardening()`, which is designed to be called pre-`main()` (using `#[ctor::ctor]`) to perform various process hardening steps, such as:
- disabling core dumps
- disabling ptrace attach on Linux and macOS
- removing dangerous environment variables such as `LD_PRELOAD` and `DYLD_*`
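The environment-variable step in the list above, as an added sketch using only the standard library. It is not the crate's own code: `keys_with_prefix` and `scrub_loader_env` are hypothetical names, the sample value is constructed, and Unix is assumed.

```rust
use std::env;
use std::ffi::OsString;
use std::os::unix::ffi::OsStrExt; // Unix-only: byte view of variable names

// Loader prefixes taken from the README text above (LD_PRELOAD, DYLD_*).
const LOADER_PREFIXES: [&[u8]; 2] = [b"LD_", b"DYLD_"];

/// Hypothetical helper: select the names that begin with one of `prefixes`.
/// Names are compared as raw bytes, so a non-UTF-8 name such as `LD_\xff`
/// is still caught, and a name that only contains the prefix is left alone.
fn keys_with_prefix<I>(keys: I, prefixes: &[&[u8]]) -> Vec<OsString>
where
    I: IntoIterator<Item = OsString>,
{
    keys.into_iter()
        .filter(|k| prefixes.iter().any(|p| k.as_bytes().starts_with(p)))
        .collect()
}

/// Hypothetical helper: drop every loader-control variable from this
/// process's environment and return the names that were removed.
#[allow(unused_unsafe)] // `remove_var` is an unsafe fn from the 2024 edition on
fn scrub_loader_env() -> Vec<OsString> {
    // `vars_os` yields a snapshot, so removing while walking it is fine.
    let doomed = keys_with_prefix(env::vars_os().map(|(k, _)| k), &LOADER_PREFIXES);
    for key in &doomed {
        // Sound only while no other thread touches the environment,
        // which is why this kind of step belongs before main().
        unsafe { env::remove_var(key) };
    }
    doomed
}

#[allow(unused_unsafe)]
fn main() {
    // Constructed sample value, set only to have something to remove.
    unsafe { env::set_var("LD_PRELOAD", "/tmp/constructed-example.so") };
    for name in scrub_loader_env() {
        println!("removed {}", name.to_string_lossy());
    }
    assert!(env::var_os("LD_PRELOAD").is_none());
}
```

Matching on bytes rather than `String` matters because `env::vars()` panics on a non-UTF-8 name, while `env::vars_os()` does not.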