fix: isolate host tools from target runtime env

Author: Sunrisepeak

src/platform/env.cppm

@@ -40,6 +40,7 @@ private:
 
 std::string path_list_separator();
 std::string runtime_library_path_key();
+std::string host_tool_runtime_library_path_key();
 std::string prepend_path_list(std::string_view key,
                               std::span<const std::filesystem::path> dirs);
 
@@ -123,6 +124,16 @@ std::string runtime_library_path_key() {
 #endif
 }
 
+std::string host_tool_runtime_library_path_key() {
+#if defined(__APPLE__)
+    return "DYLD_LIBRARY_PATH";
+#elif defined(__linux__)
+    return "LD_LIBRARY_PATH";
+#else
+    return "";
+#endif
+}
+
 std::string prepend_path_list(std::string_view key,
                               std::span<const std::filesystem::path> dirs) {
     if (key.empty() || dirs.empty()) return "";

src/platform/linux.cppm

@@ -19,6 +19,12 @@ export namespace mcpp::platform::linux_ {
 std::string build_ld_library_path_prefix(
     const std::vector<std::filesystem::path>& dirs);
 
+// Build an LD_LIBRARY_PATH shell prefix for toolchain host processes.
+// Unlike build_ld_library_path_prefix(), this does not append inherited
+// LD_LIBRARY_PATH, which may contain target-program runtime directories.
+std::string build_clean_ld_library_path_prefix(
+    const std::vector<std::filesystem::path>& dirs);
+
 // Return Linux toolchain runtime library directories.
 std::vector<std::filesystem::path>
 runtime_lib_dirs(const std::filesystem::path& toolchain_root);
@@ -29,16 +35,24 @@ runtime_lib_dirs(const std::filesystem::path& toolchain_root);
 
 namespace mcpp::platform::linux_ {
 
-std::string build_ld_library_path_prefix(
-    const std::vector<std::filesystem::path>& dirs)
-{
-#if defined(__linux__)
-    if (dirs.empty()) return "";
+namespace {
+
+std::string join_dirs(const std::vector<std::filesystem::path>& dirs) {
     std::string joined;
     for (auto& d : dirs) {
         if (!joined.empty()) joined += ':';
         joined += d.string();
     }
+    return joined;
+}
+
+} // namespace
+
+std::string build_ld_library_path_prefix(
+    const std::vector<std::filesystem::path>& dirs) {
+#if defined(__linux__)
+    if (dirs.empty()) return "";
+    auto joined = join_dirs(dirs);
     return std::format("env LD_LIBRARY_PATH={}${{LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}} ",
                        mcpp::platform::shell::quote(joined));
 #else
@@ -47,6 +61,19 @@ std::string build_ld_library_path_prefix(
 #endif
 }
 
+std::string build_clean_ld_library_path_prefix(
+    const std::vector<std::filesystem::path>& dirs) {
+#if defined(__linux__)
+    if (dirs.empty()) return "";
+    auto joined = join_dirs(dirs);
+    return std::format("env LD_LIBRARY_PATH={} ",
+                       mcpp::platform::shell::quote(joined));
+#else
+    (void)dirs;
+    return "";
+#endif
+}
+
 std::vector<std::filesystem::path>
 runtime_lib_dirs(const std::filesystem::path& toolchain_root) {
     std::vector<std::filesystem::path> dirs;

src/platform/process.cppm

@@ -30,6 +30,7 @@ module;
 export module mcpp.platform.process;
 
 import std;
+import mcpp.platform.env;
 
 export namespace mcpp::platform::process {
 
@@ -42,6 +43,11 @@ struct RunResult {
 // On POSIX, stdin is automatically redirected from /dev/null.
 RunResult capture(std::string_view command);
 
+// Run a host tool while clearing target runtime library search variables.
+// This prevents target/program LD_LIBRARY_PATH from poisoning system tools
+// such as sha256sum, compiler probes, env, or the shell itself.
+RunResult capture_host_tool(std::string_view command);
+
 // Run `command` with extra environment variables (additive).
 // Windows: _putenv_s (mutates calling process env).
 // POSIX: prefixes command with VAR=val tokens (no mutation).
@@ -126,6 +132,14 @@ RunResult capture(std::string_view command) {
     return result;
 }
 
+RunResult capture_host_tool(std::string_view command) {
+    auto key = mcpp::platform::env::host_tool_runtime_library_path_key();
+    std::optional<mcpp::platform::env::ScopedEnv> runtime_env;
+    if (!key.empty())
+        runtime_env.emplace(key, std::nullopt);
+    return capture(command);
+}
+
 RunResult capture_with_env(
     std::string_view command,
     const std::vector<std::pair<std::string, std::string>>& env)

src/pm/publisher.cppm

@@ -206,7 +206,7 @@ std::string sha256_of_file(const std::filesystem::path& file) {
     if (!std::filesystem::exists(file)) return {};
     auto cmd = std::format("sha256sum {} 2>/dev/null",
         mcpp::platform::shell::quote(file.string()));
-    auto r = mcpp::platform::process::capture(cmd);
+    auto r = mcpp::platform::process::capture_host_tool(cmd);
     if (r.exit_code != 0) return {};
     // sha256sum format: "<64-hex>  <filename>\n"
     auto sp = r.output.find(' ');

src/toolchain/probe.cppm

@@ -88,13 +88,13 @@ std::string join_colon_paths(const std::vector<std::filesystem::path>& dirs) {
 }
 
 std::string env_prefix_for_dirs(const std::vector<std::filesystem::path>& dirs) {
-    return mcpp::platform::linux_::build_ld_library_path_prefix(dirs);
+    return mcpp::platform::linux_::build_clean_ld_library_path_prefix(dirs);
 }
 
 } // namespace
 
 std::expected<std::string, DetectError> run_capture(const std::string& cmd) {
-    auto r = mcpp::platform::process::capture(cmd);
+    auto r = mcpp::platform::process::capture_host_tool(cmd);
     if (r.exit_code != 0 && r.output.empty()) {
         return std::unexpected(DetectError{std::format("failed to execute: {}", cmd)});
     }

tests/unit/test_toolchain_detect.cpp

@@ -1,6 +1,7 @@
 #include <gtest/gtest.h>
 
 import std;
+import mcpp.platform.env;
 import mcpp.toolchain.detect;
 import mcpp.toolchain.probe;
 
@@ -52,6 +53,14 @@ esac
     return clang;
 }
 
+std::filesystem::path make_hostile_ld_dir() {
+    auto dir = std::filesystem::temp_directory_path()
+             / std::format("mcpp_hostile_ld_{}", std::random_device{}());
+    std::filesystem::create_directories(dir);
+    std::ofstream(dir / "libc.so.6").close();
+    return dir;
+}
+
 } // namespace
 
 #if !defined(_WIN32)
@@ -70,6 +79,22 @@ TEST(ToolchainDetect, ClangVersionOutputIsNotMisclassifiedByGccPaths) {
 }
 #endif // !defined(_WIN32)
 
+#if defined(__linux__)
+TEST(ToolchainDetect, IgnoresTargetRuntimeLibraryPathDuringProbe) {
+    auto clang = make_fake_clang();
+    TempDirGuard cleanup_clang{clang.parent_path()};
+    auto hostile = make_hostile_ld_dir();
+    TempDirGuard cleanup_ld{hostile};
+
+    mcpp::platform::env::ScopedEnv ld("LD_LIBRARY_PATH", hostile.string());
+
+    auto tc = detect(clang);
+    ASSERT_TRUE(tc.has_value()) << tc.error().message;
+    EXPECT_EQ(tc->compiler, CompilerId::Clang);
+    EXPECT_EQ(tc->targetTriple, "x86_64-unknown-linux-gnu");
+}
+#endif // defined(__linux__)
+
 // ─── normalize_driver_output: path-free semantic identity ─────────────
 //
 // Background: the toolchain fingerprint used to hash the compiler binary

tests/unit/test_xpkg_emit.cpp

@@ -3,6 +3,7 @@
 import std;
 import mcpp.manifest;
 import mcpp.modgraph.graph;
+import mcpp.platform.env;
 import mcpp.publish.xpkg_emit;
 
 using namespace mcpp::publish;
@@ -120,6 +121,31 @@ TEST(XpkgEmit, Sha256OfFile) {
 }
 #endif // !defined(_WIN32)
 
+#if defined(__linux__)
+TEST(XpkgEmit, Sha256OfFileIgnoresTargetRuntimeLibraryPath) {
+    using namespace mcpp::publish;
+
+    auto hostile = std::filesystem::temp_directory_path()
+                 / std::format("mcpp_hostile_ld_{}", std::random_device{}());
+    std::filesystem::create_directories(hostile);
+    { std::ofstream(hostile / "libc.so.6").close(); }
+
+    auto p = std::filesystem::temp_directory_path()
+           / std::format("mcpp_unit_sha_hostile_{}", std::random_device{}());
+    { std::ofstream(p).close(); }
+
+    {
+        mcpp::platform::env::ScopedEnv ld("LD_LIBRARY_PATH", hostile.string());
+        EXPECT_EQ(sha256_of_file(p),
+                  "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
+    }
+
+    std::error_code ec;
+    std::filesystem::remove(p, ec);
+    std::filesystem::remove_all(hostile, ec);
+}
+#endif // defined(__linux__)
+
 TEST(XpkgEmit, LongBracketSequenceInValueIsHarmless) {
     // We emit `"..."` strings, not `[[...]]`, so a literal `]=]` in
     // user data can't terminate the literal early. Just make sure it