Helpers for spawning subprocesses with skill/MCP-supplied environment maps.
Skill metadata (mcp.json, toolbox.json) is authored by third parties
and only loosely trusted. The dynamic linker honours LD_PRELOAD /
DYLD_INSERT_LIBRARIES and similar variables before any sandbox
restriction runs in pre_exec, so a hostile skill that injects one of
these env keys can hijack the spawned process and bypass Landlock /
Seatbelt entirely.
Route every skill-controlled environment map through
filter_unsafe_env before applying it to a Command.
Constants§
- UNSAFE_ENV_KEYS - Environment variable names the dynamic linker honours that, if attacker-controlled, can subvert the spawned process before any sandbox is applied.
Functions§
- filter_unsafe_env - Returns a copy of `env` with every dynamic-linker key from `UNSAFE_ENV_KEYS` removed. Dropped keys are returned as the second element so callers can `tracing::warn!` on them.
- is_unsafe_env_key - True if `k` matches any entry in `UNSAFE_ENV_KEYS` (case-insensitive).