Add a way to whitelist variables from environment scrubbing
I want to use hardened_malloc along with a binary that is executed with environment scrubbing. To use hardened_malloc, I need to use LD_PRELOAD which environment scrubbing clears.
Because of this, it would be great if it was possible to whitelist specific environment variables from scrubbing. For example:
/bin/bash Pix allow_var="LD_PRELOAD=/usr/lib/libhardened_malloc.so",
This would allow me to execute bash with hardened_malloc but nothing else.
Using hardened_malloc system-wide is not an option due to the amount of breakage.