shellenv: prefer lsof to ps to read the command for a process

[bolinfest]

Currently, shellenv.sh is frequently run as part of a user's ~/.zprofile,
which includes the following line:

HOMEBREW_SHELL_NAME="$(/bin/ps -p "${PPID}" -c -o comm=)"

Indeed, if I run the following from zsh, this reports zsh (or -zsh), as expected:

$ bash -c '/bin/ps -p "${PPID}" -c -o comm='
-zsh

Though /bin/ps is a setuid binary:

$ stat -f "%Sp" /bin/ps
-rwsr-xr-x

Which means that it cannot be run under macOS Seatbelt unless explicit support
is added to the Seatbelt policy to run it outside of the sandbox:

(allow process-exec (path "/bin/ps") (with no-sandbox))

Though this is somewhat undesirable because /bin/ps makes it possible to
dump environment variables from processes, which often includes sensitive
information such as API keys.

By comparison, /usr/sbin/lsof is not setuid:

$ stat -f "%Sp" /usr/sbin/lsof
-rwxr-xr-x

And the proposed change yields the same information (without the leading hyphen):

$ bash -c '/usr/sbin/lsof -p "$PPID" -a -d cwd -Fc | /usr/bin/sed -n "s/^c//p"'
zsh

Overall, this would make it possible to invoke zsh -lc under Seatbelt for
users who run shellenv.sh in their ~/.zprofile without having to use a less
restrictive Seatbelt policy.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[MikeMcQuaid]

Thanks!