From nobody Fri Mar 10 21:39:22 2023
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PYKFZ1cx3z3xyJj
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Fri, 10 Mar 2023 21:39:30 +0000 (UTC)
	(envelope-from brooks@spindle.one-eyed-alien.net)
Received: from spindle.one-eyed-alien.net (spindle.one-eyed-alien.net [199.48.129.229])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4PYKFY6xYNz4SJc
	for <freebsd-hackers@freebsd.org>; Fri, 10 Mar 2023 21:39:29 +0000 (UTC)
	(envelope-from brooks@spindle.one-eyed-alien.net)
Authentication-Results: mx1.freebsd.org;
	none
Received: by spindle.one-eyed-alien.net (Postfix, from userid 3001)
	id A64213C0199; Fri, 10 Mar 2023 21:39:22 +0000 (UTC)
Date: Fri, 10 Mar 2023 21:39:22 +0000
From: Brooks Davis <brooks@freebsd.org>
To: Lucy Marsh <seafork@disroot.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Adding the secure_getenv call to FreeBSD's libc
Message-ID: <ZAujisiQgadg/R4d@spindle.one-eyed-alien.net>
References: <64fc1989-aa35-7a5f-fc0a-bc649b68ecee@disroot.org>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In-Reply-To: <64fc1989-aa35-7a5f-fc0a-bc649b68ecee@disroot.org>
X-Rspamd-Queue-Id: 4PYKFY6xYNz4SJc
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:36236, ipnet:199.48.128.0/22, country:US]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

On Fri, Mar 10, 2023 at 04:27:05PM -0500, Lucy Marsh wrote:
> Dear FreeBSD Hackers,
>=20
> I was wondering if adding the glibc extension call, `secure_getenv`, to=
=20
> FreeBSD's libc is allowed. Obviously, this would not only need to be=20
> permitted but also wanted. In that latter department, I could see the=20
> need arise for `secure_getenv` when porting applications written for=20
> Linux as they are often written targeting glibc. Also, this addition=20
> would bring us more inline with other libc implementations such as musl=
=20
> libc.

Looking at the musl implementation, it looks like this is part of a set
of environment (mostly path) hardening changes in libc.  On the whole
they seem like reasonable things to do if we haven't already done them
on an adhoc basis.

-- Brooks