Environment clearing broken in 7.0

Tue Jun 10 17:37:08 UTC 2008

On Tue, 2008-06-10 at 12:17 -0500, Sean C. Farley wrote:
> >> I suggest reading the two paragraphs from Open Group's getenv()[1]
> >> documentation starting at "Conforming applications are required not
> >> to modify environ directly, ..." for the rationale in the new design.
> >> Obviously, applications are not required to conform, but the
> >> documentation talks about what an OS may be doing under the covers to
> >> environ.
> >
> > How about implementing clearenv()? I'm using it now if it's available.
> 
> It is a thought.  It is not part of SUSv3, but there are many API calls
> in our libc that are not part of that spec.
> 
> Interestingly, clearenv() on Linux ends up setting environ=NULL.  Also,
> from the Linux man page:
> 
>      The DG/UX and Tru64 manpages write: If environ has been modified by
>      anything other than the putenv(), getenv(), or clearenv() functions,
>      then clearenv() will return an error and the process environment
>      will remain unchanged.
> 
> Hopefully, no libraries on these systems are manipulating environ else
> clearenv() will not work.

I don't think there's any other reason to do it than clearing it.

> > BTW. I wonder if this change breaks any applications where not
> > clearing environment could result in a security hole. As far as I know
> > FreeBSD 7.0 is the only modern OS where environ[0]=NULL doesn't work.
> 
> OpenSolaris also does not detect environ[0]=NULL.  Haiku[1], like MacOS,
> does not handle environ=NULL.  *sigh*  To support the most OS's I
> recommend the environ replacement such as in the static environ above.

Oh. I don't have OpenSolaris installed, but I would have thought that
since it worked in Solaris 10 it would have worked in OpenSolaris too.

> No guarantees, but I will do some research about detecting a NULL at
> environ[0] as another means of clearing the environment and/or writing
> an implementation of clearenv().  Of course, you will still have
> problems on OpenSolaris.  What are you planning to do there, or does it
> support cleanenv()?

I've changed my code now to do:

> environ = calloc(1, sizeof(*environ)); should work on all assuming NULL
> was not returned.

Hopefully that'll work for a few years. (I also use clearenv() if
detected by configure.)

> Does anyone know why clearenv() was rejected?  There is hardly a peep
> on
> the OpenGroup web site.

No idea, but I don't really understand why it returns int instead of
void. It shouldn't do more than free memory.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20080610/48cd6e5c/attachment.pgp