Allow DYLD_* in codex's shell

[amonks]

What version of Codex is running?

codex-cli 0.77.0

What subscription do you have?

usage tier 5

Which model were you using?

gpt-5.1-codex

What platform is your computer?

Darwin 25.1.0 arm64 arm

What issue are you seeing?

I'm working on something where I need to set DYLD_* environment variables. It looks like the process hardening crate prevents this.

What steps can reproduce the bug?

1. prompt ! DYLD_TEST=yes env | grep DYLD_TEST
2. with shell_environment_policy.set = { DYLD_TEST = "yes" }, prompt ! echo $DYLD_TEST

What is the expected behavior?

in both cases, I expect to see DYLD_TEST set to "yes", but it is unset.

Additional information

I understand not allowing DYLD_* (or LD_PRELOAD or whatever) in codex's own processes, but not allowing them in the shell seems unreasonable. Lots of tasks depend on these tools.

[johnzfitch]

Thank you @amonks this issue has a bigger surface area than this and I'm glad some others are starting to file reports too.

Original PR that introduced the problem:

• PR: #4521
• Commit: b8e1fe60c5af4439c7e159a49ba11a0ef3f7eb7c
• Date: September 30, 2025
• Author: Michael Bolin mbolin@openai.com
• Title: "fix: enable process hardening in Codex CLI for release builds"
• Rationale: "I don't believe there is any upside in making process hardening opt-in"

Why the original rationale was incorrect:

• CUDA development is not "tinkering" - it's mainstream ML/AI work
• "Build from source" is not viable for most enterprise/academic users
• Performance regression (11-300x) is severe and unacceptable
• Security benefit is minimal beyond existing Landlock/Seatbelt boundaries

This is not a new feature request. It is a request to restore the previous opt-in behavior from commit 0dd49683, which was reverted by commit b8e1fe60.