Re: git: adeca21464d2 - main - Add GNU glibc compatible secure_getenv

From: Konstantin Belousov <kostikbel_at_gmail.com>
Date: Tue, 14 Mar 2023 09:11:01 UTC
On Tue, Mar 14, 2023 at 04:19:55AM +0000, Warner Losh wrote:
> The branch main has been updated by imp:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=adeca21464d25bc61f98968a5c1e76ab3c808ae4
> 
> commit adeca21464d25bc61f98968a5c1e76ab3c808ae4
> Author:     lucy <seafork@disroot.org>
> AuthorDate: 2023-03-13 22:01:12 +0000
> Commit:     Warner Losh <imp@FreeBSD.org>
> CommitDate: 2023-03-14 04:19:24 +0000
> 
>     Add GNU glibc compatible secure_getenv
>     
>     Add mostly glibc and msl compatible secure_getenv. Return NULL if
>     issetugid() indicates the process is tainted, otherwise getenv(x).  The
>     rational behind this is the fact that many Linux applications use this
>     function instead of getenv() as it's widely consider a, "best
>     practice".
>     
>     Reviewed by: imp, mjg (feedback)
>     Pull Request: https://github.com/freebsd/freebsd-src/pull/686
>     Signed-off-by: Lucy Marsh <seafork@disroot.org>
> ---
>  include/stdlib.h             |  1 +
>  lib/libc/stdlib/Makefile.inc |  4 ++--
>  lib/libc/stdlib/Symbol.map   |  1 +
>  lib/libc/stdlib/getenv.3     | 26 +++++++++++++++++++++++++-
>  lib/libc/stdlib/getenv.c     | 12 ++++++++++++
>  5 files changed, 41 insertions(+), 3 deletions(-)
> 
> diff --git a/include/stdlib.h b/include/stdlib.h
> index 01629ed84a11..c41e8704e810 100644
> --- a/include/stdlib.h
> +++ b/include/stdlib.h
> @@ -111,6 +111,7 @@ void	 qsort(void *, size_t, size_t,
>  	    int (* _Nonnull)(const void *, const void *));
>  int	 rand(void);
>  void	*realloc(void *, size_t) __result_use_check __alloc_size(2);
> +char	*secure_getenv(const char *);
The declaration must be put under BSD_VISIBLE.

>  void	 srand(unsigned);
>  double	 strtod(const char * __restrict, char ** __restrict);
>  float	 strtof(const char * __restrict, char ** __restrict);