Re: git: adeca21464d2 - main - Add GNU glibc compatible secure_getenv

From: Warner Losh <imp_at_bsdimp.com>
Date: Tue, 14 Mar 2023 16:30:59 UTC
On Tue, Mar 14, 2023 at 3:11 AM Konstantin Belousov <kostikbel@gmail.com>
wrote:

> On Tue, Mar 14, 2023 at 04:19:55AM +0000, Warner Losh wrote:
> > The branch main has been updated by imp:
> >
> > URL:
> https://cgit.FreeBSD.org/src/commit/?id=adeca21464d25bc61f98968a5c1e76ab3c808ae4
> >
> > commit adeca21464d25bc61f98968a5c1e76ab3c808ae4
> > Author:     lucy <seafork@disroot.org>
> > AuthorDate: 2023-03-13 22:01:12 +0000
> > Commit:     Warner Losh <imp@FreeBSD.org>
> > CommitDate: 2023-03-14 04:19:24 +0000
> >
> >     Add GNU glibc compatible secure_getenv
> >
> >     Add mostly glibc and msl compatible secure_getenv. Return NULL if
> >     issetugid() indicates the process is tainted, otherwise getenv(x).
> The
> >     rational behind this is the fact that many Linux applications use
> this
> >     function instead of getenv() as it's widely consider a, "best
> >     practice".
> >
> >     Reviewed by: imp, mjg (feedback)
> >     Pull Request: https://github.com/freebsd/freebsd-src/pull/686
> >     Signed-off-by: Lucy Marsh <seafork@disroot.org>
> > ---
> >  include/stdlib.h             |  1 +
> >  lib/libc/stdlib/Makefile.inc |  4 ++--
> >  lib/libc/stdlib/Symbol.map   |  1 +
> >  lib/libc/stdlib/getenv.3     | 26 +++++++++++++++++++++++++-
> >  lib/libc/stdlib/getenv.c     | 12 ++++++++++++
> >  5 files changed, 41 insertions(+), 3 deletions(-)
> >
> > diff --git a/include/stdlib.h b/include/stdlib.h
> > index 01629ed84a11..c41e8704e810 100644
> > --- a/include/stdlib.h
> > +++ b/include/stdlib.h
> > @@ -111,6 +111,7 @@ void       qsort(void *, size_t, size_t,
> >           int (* _Nonnull)(const void *, const void *));
> >  int   rand(void);
> >  void *realloc(void *, size_t) __result_use_check __alloc_size(2);
> > +char *secure_getenv(const char *);
> The declaration must be put under BSD_VISIBLE.
>

Thanks. https://reviews.freebsd.org/D39076


> >  void  srand(unsigned);
> >  double        strtod(const char * __restrict, char ** __restrict);
> >  float         strtof(const char * __restrict, char ** __restrict);
>