From 138024d74ce4c08783bfab34be199063b721a84a Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Fri, 20 Sep 2013 17:43:11 -0700
Subject: [PATCH] core: Unset DYLD_LIBRARY_PATH if setuid/setgid [GH-2243]

---
 CHANGELOG.md                   | 2 ++
 lib/vagrant/util/subprocess.rb | 5 +++++
 2 files changed, 7 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 07632c3a0..c5b2b8f45 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,8 @@ BUG FIXES:
   - core: Don't output `\e[0K` anymore on Windows. [GH-2246]
   - core: Only modify `DYLD_LIBRARY_PATH` on Mac when executing commands
     in the installer context. [GH-2231]
+  - core: Clear `DYLD_LIBRARY_PATH` on Mac if the subprocess is executing
+    a setuid or setgid script. [GH-2243]
   - hosts/arch: Vagrant won't crash on Arch anymore. [GH-2233]
 
 ## 1.3.3 (September 18, 2013)
diff --git a/lib/vagrant/util/subprocess.rb b/lib/vagrant/util/subprocess.rb
index 787b437d9..99e408080 100644
--- a/lib/vagrant/util/subprocess.rb
+++ b/lib/vagrant/util/subprocess.rb
@@ -85,6 +85,11 @@ module Vagrant
           else
             @logger.debug("Command not in installer, not touching env vars.")
           end
+
+          if File.setuid?(@command[0]) || File.setgid?(@command[0])
+            @logger.info("Command is setuid/setgid, clearing DYLD_LIBRARY_PATH")
+            process.environment["DYLD_LIBRARY_PATH"] = ""
+          end
         end
 
         # Set the environment on the process if we must