
[Feature Request] Enable preload mode on macOS with SIP disabled

Open ZeppLu opened this issue 1 year ago • 2 comments

Describe the bug

Currently bear silently enforces wrapper mode on macOS. This behavior causes cross compilers (e.g. mingw) to fail to be recognized.

However, if SIP is disabled, we can actually use DYLD_INSERT_LIBRARIES without any problem. Here is a minimal example:

```console
~/Documents/preload-test cat main.c
#include <stdio.h>

void impossible() {
        printf("hijack succ\n");
}

int main() {
        return 0;
}
~/Documents/preload-test clang main.c -O0 -o main
~/Documents/preload-test cat preload.c
extern void impossible();

__attribute__((destructor)) void deinit() {
        impossible();
}
~/Documents/preload-test clang preload.c -O0 -shared -Wl,-U,_impossible -o preload.dylib
~/Documents/preload-test DYLD_INSERT_LIBRARIES=preload.dylib ./main
hijack succ
```

Expected behavior

On macOS, dynamically check for SIP status at runtime, to determine whether we can use preload mode.

Additionally, a warning log when wrapper mode is being enforced would be helpful.

Environment:

  • OS name: macOS
  • OS version: Sonoma 14.1.2
  • OS architecture: x86_64
  • Bear version: 3.1.3
  • Bear install method: macports

ZeppLu avatar Jan 03 '24 12:01 ZeppLu

Yes, the previous version of Bear was doing this. SIP being enabled just became so dominant that I had to come up with the compiler wrappers. But it's feasible to enable it again.

rizsotto avatar Jan 04 '24 10:01 rizsotto

Notes after some investigation (currently too busy to work on it):

csrutil enable --without debug is sufficient for DYLD_* environment variables to work

This gist can check SIP status programmatically, and the above configuration corresponds to the CSR_ALLOW_TASK_FOR_PID bit.

ZeppLu avatar Feb 02 '24 11:02 ZeppLu
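The runtime check requested in the issue and pinned down in the last comment (test the CSR_ALLOW_TASK_FOR_PID bit, warn when wrapper mode is forced) can be sketched as follows. This is an added example, not Bear's code and not the gist referred to above. It assumes libSystem exports the private function csr_get_active_config(uint32_t *) (resolved with dlsym so no private header is needed) and copies the bit values from XNU's bsd/sys/csr.h; on non-Apple hosts the live query is skipped and the pure decision logic is still testable.

```c
/* Added example, not Bear's code: decide whether DYLD_INSERT_LIBRARIES-based
 * preload mode is usable on this macOS host, from the active SIP (csr) config.
 * Assumptions: libSystem exports csr_get_active_config(uint32_t *) (a private
 * API, resolved here with dlsym so no private header is needed); the bit values
 * below are copied from XNU's bsd/sys/csr.h. On non-Apple hosts the query is
 * skipped and the caller should treat SIP as fully enabled. */
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>
#ifdef __APPLE__
#include <dlfcn.h>
#endif

/* Bits from bsd/sys/csr.h: a set bit means that restriction is lifted. */
#define CSR_ALLOW_UNTRUSTED_KEXTS      (1u << 0)
#define CSR_ALLOW_UNRESTRICTED_FS      (1u << 1)
#define CSR_ALLOW_TASK_FOR_PID         (1u << 2)  /* "debug": csrutil enable --without debug sets this */
#define CSR_ALLOW_KERNEL_DEBUGGER      (1u << 3)
#define CSR_ALLOW_UNRESTRICTED_DTRACE  (1u << 5)
#define CSR_ALLOW_UNRESTRICTED_NVRAM   (1u << 6)

enum intercept_mode { MODE_PRELOAD, MODE_WRAPPER };

/* Pure decision: with the debug restriction lifted, dyld honours DYLD_* variables. */
int sip_allows_preload(uint32_t csr_config) {
    return (csr_config & CSR_ALLOW_TASK_FOR_PID) != 0;
}

/* Read the live config. Returns 0 on success, -1 if unavailable; on failure
 * callers should assume SIP is fully enabled (config 0). */
int read_csr_config(uint32_t *out) {
#ifdef __APPLE__
    typedef int (*csr_get_fn)(uint32_t *);
    /* csr_get_active_config is exported by libSystem but is not a public SDK API. */
    csr_get_fn get = (csr_get_fn)dlsym(RTLD_DEFAULT, "csr_get_active_config");
    if (get == NULL) return -1;
    uint32_t cfg = 0;
    if (get(&cfg) != 0) return -1;
    *out = cfg;
    return 0;
#else
    (void)out;
    return -1;
#endif
}

/* Choose the interception mode and write the reason the tool should log,
 * so that an enforced wrapper mode is never silent. */
enum intercept_mode choose_mode(uint32_t csr_config, char *why, size_t why_len) {
    if (sip_allows_preload(csr_config)) {
        snprintf(why, why_len,
                 "SIP debug restriction lifted (csr config 0x%x): using preload mode",
                 csr_config);
        return MODE_PRELOAD;
    }
    snprintf(why, why_len,
             "SIP blocks DYLD_INSERT_LIBRARIES (csr config 0x%x): falling back to "
             "wrapper mode; cross compilers may not be recognized",
             csr_config);
    return MODE_WRAPPER;
}

int main(void) {
    uint32_t cfg = 0;
    if (read_csr_config(&cfg) != 0) {
        fprintf(stderr, "warning: could not query SIP status, assuming fully enabled\n");
    }
    char why[256];
    enum intercept_mode m = choose_mode(cfg, why, sizeof why);
    printf("%s\n", why);
    return m == MODE_PRELOAD ? 0 : 1;
}
```

The decision is deliberately split from the query: sip_allows_preload() and choose_mode() take the config as a plain integer, so they can be unit-tested with constructed values on any platform, while read_csr_config() is the only piece that touches the private symbol. The check reflects the system-wide SIP state only; whether a given compiler binary actually honours the variable still has to be confirmed against that binary.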