This might seem flippant, but it's very serious. My use case, this is literally torturing me to death: We have a language (Allegro Common Lisp) which has a module for making SSL connections. This module is requires OpenSSL. We don't want to supply OpenSSL with our product for obvious reasons--I'm not going to go into that here. So, what's the problem? Well, first, the problem is that Apple decided long ago to not allow developers to build against their version of SSL (which is based on LibreSSL). So, we must depend on Macports or Homebrew for the installation of OpenSSL. Those libraries are in non-standard places and require DYLD_LIBRARY_PATH to be set so that the libraries can be dynamically loaded. The problem is, with SIP, any environment variables that start with DYLD_ or LD_ are stripped from the environment passed to programs. That is, if I set DYLD_LIBRARY_PATH in BASH and start my product, I can't load a signed .dylib that depends on some version of the OpenSSL libraries. To make matters worse, this works on macOS 11.6.5 (20G527) x86_64: DYLD_LIBRARY_PATH=... ./mlisp (sys:getenv "DYLD_LIBRARY_PATH")` That is, it returns the value ... set on the command line. It does not work on macOS 11.6.5 (20G527) arm64. To dynamically load the OpenSSL libraries, we have a glue library (that adds functionality) called acliss11.dylib which depends on @rpath/libssl.1.1.dylib and @rpath/libcrypto.1.1.dylib. For x86_64 we have a solution, but the same solution does NOT work for arm64. How are we supposed to do this?