diff options
Diffstat (limited to 'manual')
-rw-r--r-- | manual/startup.texi | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/manual/startup.texi b/manual/startup.texi index 0420e93289..d0be5e65f4 100644 --- a/manual/startup.texi +++ b/manual/startup.texi @@ -310,11 +310,15 @@ character, since this is assumed to terminate the string. The value of an environment variable can be accessed with the @code{getenv} function. This is declared in the header file -@file{stdlib.h}. Modifications of enviroment variables are not -allowed in Multi-threaded programs. The @code{getenv} function -can be safely used in multi-threaded programs +@file{stdlib.h}. @pindex stdlib.h +Libraries should use @code{secure_getenv} instead of @code{getenv}, so +that they do not accidentally use untrusted environment variables. +Modifications of environment variables are not allowed in +multi-threaded programs. The @code{getenv} and @code{secure_getenv} +functions can be safely used in multi-threaded programs. + @comment stdlib.h @comment ISO @deftypefun {char *} getenv (const char *@var{name}) @@ -326,6 +330,18 @@ environment variable @var{name} is not defined, the value is a null pointer. @end deftypefun +@comment stdlib.h +@comment GNU +@deftypefun {char *} secure_getenv (const char *@var{name}) +This function is similar to @code{getenv}, but it returns a null +pointer if the environment is untrusted. This happens when the +program file has SUID or SGID bits set. General-purpose libraries +should always prefer this function over @code{getenv} to avoid +vulnerabilities if the library is referenced from a SUID/SGID program. + +This function is a GNU extension. +@end deftypefun + @comment stdlib.h @comment SVID |