git: d5df26858420 - main - secure_getenv: Improve documentation wording
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 25 Mar 2023 17:08:10 UTC
The branch main has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=d5df268584209c448d2e3f344b8b15c944e48b82 commit d5df268584209c448d2e3f344b8b15c944e48b82 Author: Warner Losh <imp@FreeBSD.org> AuthorDate: 2023-03-14 17:02:07 +0000 Commit: Warner Losh <imp@FreeBSD.org> CommitDate: 2023-03-25 17:06:13 +0000 secure_getenv: Improve documentation wording Improve the documentation wording to be more consistent with FreeBSD manual pages. Suggested by: mjg (though reworded) Sponsored by: Netflix --- lib/libc/stdlib/getenv.3 | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/lib/libc/stdlib/getenv.3 b/lib/libc/stdlib/getenv.3 index 93c0d2ada6ad..46736635da47 100644 --- a/lib/libc/stdlib/getenv.3 +++ b/lib/libc/stdlib/getenv.3 @@ -32,7 +32,7 @@ .\" @(#)getenv.3 8.2 (Berkeley) 12/11/93 .\" $FreeBSD$ .\" -.Dd March 13, 2023 +.Dd March 14, 2023 .Dt GETENV 3 .Os .Sh NAME @@ -81,19 +81,16 @@ to by the .Fn getenv function. .Pp -The GNU-specific function, -.Fn secure_getenv -wraps the -.Fn getenv -function to prevent it from being run in "secure execution". -Unlike in glibc, +The .Fn secure_getenv -only checks if the -.Fa setuid -and -.Fa setgid -bits have been set or changed. -These checks are subject to extension and change. +returns +.Va NULL +when the environment cannot be trusted, otherwise it acts like +.Fn getenv . +The environment currently is not trusted when +.Xr issetugid 3 +returns a non-zero value, but other conditions may be added +in the future. .Pp The .Fn setenv @@ -222,6 +219,9 @@ and .Fn unsetenv functions conforms to .St -p1003.1-2001 . +The +.Fn secure_getenv +function is expected to be glibc-compatible. .Sh HISTORY The functions .Fn setenv @@ -249,7 +249,9 @@ specification. .Pp The .Fn clearenv -was added in +and +.Fn secure_getenv +functions were added in .Fx 14 . .Sh BUGS Successive calls to