d3ff668f68
As explained in https://github.com/openai/codex/issues/8945 and https://github.com/openai/codex/issues/8472, there are legitimate cases where users expect processes spawned by Codex to inherit environment variables such as `LD_LIBRARY_PATH` and `DYLD_LIBRARY_PATH`, where failing to do so can cause significant performance issues. This PR removes the use of `codex_process_hardening::pre_main_hardening()` in Codex CLI (which was added not in response to a known security issue, but because it seemed like a prudent thing to do from a security perspective: https://github.com/openai/codex/pull/4521), but we will continue to use it in `codex-responses-api-proxy`. At some point, we probably want to introduce a slightly different version of `codex_process_hardening::pre_main_hardening()` in Codex CLI that excludes said environment variables from the Codex process itself, but continues to propagate them to subprocesses. |
||
|---|---|---|
| .. | ||
| src | ||
| tests | ||
| Cargo.toml | ||