about summary refs log tree commit diff
path: root/include/unistd.h
Commit message (Collapse)AuthorAgeFilesLines
* add issetugid function to check for elevated privilegeBrent Cook2014-07-191-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this function provides a way for third-party library code to use the same logic that's used internally in libc for suppressing untrusted input/state (e.g. the environment) when the application is running with privleges elevated by the setuid or setgid bit or some other mechanism. its semantics are intended to match the openbsd function by the same name. there was some question as to whether this function is necessary: getauxval(AT_SECURE) was proposed as an alternative. however, this has several drawbacks. the most obvious is that it asks programmers to be aware of an implementation detail of ELF-based systems (the aux vector) rather than simply the semantic predicate to be checked. and trying to write a safe, reliable version of issetugid in terms of getauxval is difficult. for example, early versions of the glibc getauxval did not report ENOENT, which could lead to false negatives if AT_SECURE was not present in the aux vector (this could probably only happen when running on non-linux kernels under linux emulation, since glibc does not support linux versions old enough to lack AT_SECURE). as for musl, getauxval has always properly reported errors, but prior to commit 7bece9c2095ee81f14b1088f6b0ba2f37fecb283, the musl implementation did not emulate AT_SECURE if missing, which would result in a false positive. since musl actually does partially support kernels that lack AT_SECURE, this was problematic. the intent is that library authors will use issetugid if its availability is detected at build time, and only fall back to the unreliable alternatives on systems that lack it. patch by Brent Cook. commit message/rationale by Rich Felker.
* remove unsupported nonstandard sysconf macros and their table entriesRich Felker2014-05-191-60/+0
| | | | | | | | | | | | | | | | | | | | | | some of these may have been from ancient (pre-SUSv2) POSIX versions; more likely, they were from POSIX drafts or glibc interpretations of what ancient versions of POSIX should have added (instead they made they described functionality mandatory and/or dropped it completely). others are purely glibc-isms, many of them ill-thought-out, like providing ways to lookup the min/max values of types at runtime (despite the impossibility of them changing at runtime and the impossibility of representing ULONG_MAX in a return value of type long). since our sysconf implementation does not support or return meaningful values for any of these, it's harmful to have the macros around; applications' build scripts may detect and attempt to use them, only to get -1/EINVAL as a result. if removing them does break some applications, and it's determined that the usage was reasonable, some of these could be added back on an as-needed basis, but they should return actual meaningful values, not junk like they were returning before.
* expose public execvpe interfaceM Farkas-Dyck2014-04-201-0/+1
|
* add posix_close, accepted for inclusion in the next issue of POSIXRich Felker2013-12-061-0/+3
| | | | | this is purely a wrapper for close since Linux does not support EINTR semantics for the close syscall.
* restore type of NULL to void * except when used in C++ programsRich Felker2013-11-241-0/+4
| | | | | | | | | | | | | | unfortunately this eliminates the ability of the compiler to diagnose some dangerous/incorrect usage, but POSIX requires (as an extension to the C language, i.e. CX shaded) that NULL have type void *. plain C allows it to be defined as any null pointer constant. the definition 0L is preserved for C++ rather than reverting to plain 0 to avoid dangerous behavior in non-conforming programs which use NULL as a variadic sentinel. (it's impossible to use (void *)0 for C++ since C++ lacks the proper implicit pointer conversions, and other popular alternatives like the GCC __null extension seem non-conforming to the standard's requirements.)
* add prototypes for euidaccess/eaccessRich Felker2013-08-031-0/+2
|
* a few more fixes for unistd/sysconf feature reportingRich Felker2013-07-271-0/+1
|
* report presence of ADV and MSG options in unistd.h and sysconfRich Felker2013-07-261-0/+2
|
* report that posix_spawn is supported in unistd.h and sysconfRich Felker2013-07-261-0/+1
|
* document in sysconf and unistd.h that per-thread cpu clocks existRich Felker2013-06-261-0/+1
|
* re-add useconds_trofl0r2013-04-021-0/+1
| | | | | | | | this type was removed back in 5243e5f1606a9c6fcf01414e , because it was removed from the XSI specs. however some apps use it. since it's in the POSIX reserved namespace, we can expose it unconditionally.
* use a common definition of NULL as 0L for C and C++Rich Felker2013-01-181-6/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the historical mess of having different definitions for C and C++ comes from the historical C definition as (void *)0 and the fact that (void *)0 can't be used in C++ because it does not convert to other pointer types implicitly. however, using plain 0 in C++ exposed bugs in C++ programs that call variadic functions with NULL as an argument and (wrongly; this is UB) expect it to arrive as a null pointer. on 64-bit machines, the high bits end up containing junk. glibc dodges the issue by using a GCC extension __null to define NULL; this is observably non-conforming because a conforming application could observe the definition of NULL via stringizing and see that it is neither an integer constant expression with value zero nor such an expression cast to void. switching to 0L eliminates the issue and provides compatibility with broken applications, since on all musl targets, long and pointers have the same size, representation, and argument-passing convention. we could maintain separate C and C++ definitions of NULL (i.e. just use 0L on C++ and use (void *)0 on C) but after careful analysis, it seems extremely difficult for a C program to even determine whether NULL has integer or pointer type, much less depend in subtle, unintentional ways, on whether it does. C89 seems to have no way to make the distinction. on C99, the fact that (int)(void *)0 is not an integer constant expression, along with subtle VLA/sizeof semantics, can be used to make the distinction, but many compilers are non-conforming and give the wrong result to this test anyway. on C11, _Generic can trivially make the distinction, but it seems unlikely that code targetting C11 would be so backwards in caring which definition of NULL an implementation uses. as such, the simplest path of using the same definition for NULL in both C and C++ was chosen. the #undef directive was also removed so that the compiler can catch and give a warning or error on redefinition if buggy programs have defined their own versions of NULL prior to inclusion of standard headers.
* syscall() declaration belongs in unistd.h, not sys/syscall.hRich Felker2012-12-101-0/+1
| | | | | | | traditionally, both BSD and GNU systems have it this way. sys/syscall.h is purely syscall number macros. presently glibc exposes the syscall declaration in unistd.h only with _GNU_SOURCE, but that does not reflect historical practice.
* unistd.h: fix wrong type for gid_t argumentrofl0r2012-12-061-1/+1
| | | | | the prototype is defined with const gid_t* rather than const gid_t[]. it was already correctly defined in grp.h.
* report support of TPS option in unistd.h and sysconfRich Felker2012-11-111-0/+1
| | | | also update another newish feature in sysconf, stackaddr
* avoid breakage if somebody wrongly defines empty feature test macrosRich Felker2012-11-011-1/+1
|
* define some _POSIX_* macros that were omitted; required for XSI conformanceRich Felker2012-09-301-0/+3
|
* always expose dup3 and pipe2Rich Felker2012-09-291-2/+2
| | | | they will be in the next version of POSIX
* add clock_adjtime, remap_file_pages, and syncfs syscall wrappersRich Felker2012-09-161-0/+1
| | | | patch by Justin Cormack, with slight modification
* add setdomainname syscall, fix getdomainname (previously a stub)Rich Felker2012-09-091-0/+1
|
* add acct, accept4, setns, and dup3 syscalls (linux extensions)Rich Felker2012-09-081-0/+2
| | | | based on patch by Justin Cormack
* default features: make musl usable without feature test macrosRich Felker2012-09-071-12/+1
| | | | | | | | | | the old behavior of exposing nothing except plain ISO C can be obtained by defining __STRICT_ANSI__ or using a compiler option (such as -std=c99) that predefines it. the new default featureset is POSIX with XSI plus _BSD_SOURCE. any explicit feature test macros will inhibit the default. installation docs have also been updated to reflect this change.
* further use of _Noreturn, for non-plain-C functionsRich Felker2012-09-061-1/+8
| | | | | | | | | | | | | | | | | | | note that POSIX does not specify these functions as _Noreturn, because POSIX is aligned with C99, not the new C11 standard. when POSIX is eventually updated to C11, it will almost surely give these functions the _Noreturn attribute. for now, the actual _Noreturn keyword is not used anyway when compiling with a c99 compiler, which is what POSIX requires; the GCC __attribute__ is used instead if it's available, however. in a few places, I've added infinite for loops at the end of _Noreturn functions to silence compiler warnings. presumably __buildin_unreachable could achieve the same thing, but it would only work on newer GCCs and would not be portable. the loops should have near-zero code size cost anyway. like the previous _Noreturn commit, this one is based on patches contributed by philomath.
* use restrict everywhere it's required by c99 and/or posix 2008Rich Felker2012-09-061-3/+9
| | | | | | | | to deal with the fact that the public headers may be used with pre-c99 compilers, __restrict is used in place of restrict, and defined appropriately for any supported compiler. we also avoid the form [restrict] since older versions of gcc rejected it due to a bug in the original c99 standard, and instead use the form *restrict.
* improve headers to better deal with removed-in-posix-2008 featuresRich Felker2012-08-151-2/+6
| | | | | | | | | with this patch, setting _POSIX_SOURCE, or setting _POSIX_C_SOURCE or _XOPEN_SOURCE to an old version, will bring back the interfaces that were removed in POSIX 2008 - at least the ones i've covered so far, which are gethostby*, usleep, and ualarm. if there are other functions still in widespread use that were removed for which similar changes would be beneficial, they can be added just like this.
* add pipe2 syscallRich Felker2012-07-231-0/+1
| | | | based on patch by orc and Isaac Dunham, with some details fixed.
* _GNU_SOURCE is supposed to imply _LARGEFILE64_SOURCERich Felker2012-06-041-1/+1
| | | | | | | | | this is ugly and stupid, but now that the *64 symbol names exist, a lot of broken GNU software detects them in configure, then either breaks during build due to missing off64_t definition, or attempts to compile without function declarations/prototypes. "fixing" it here is easier than telling everyone to add yet another feature test macro to their builds.
* declare environ in unistd.h when _GNU_SOURCE feature test macro is usedRich Felker2012-06-021-0/+1
| | | | | lots of broken programs expect this, and it's gotten to the point of being a troubleshooting FAQ topic. best to just fix it.
* remove everything related to forkallRich Felker2012-05-221-1/+0
| | | | | | | | | | i made a best attempt, but the intended semantics of this function are fundamentally contradictory. there is no consistent way to handle ownership of locks when forking a multi-threaded process. the code could have worked by accident for programs that only used normal mutexes and nothing else (since they don't actually store or care about their owner), but that's about it. broken-by-design interfaces that aren't even in glibc (only solaris) don't belong in musl.
* some feature test fixes for unistd.hRich Felker2012-05-221-16/+16
|
* _GNU_SOURCE implies all BSD features except ones GNU rejectsRich Felker2012-05-221-1/+1
|
* various header cleanups, some related to _BSD_SOURCE additionRich Felker2012-05-221-11/+4
| | | | | | there is no reason to avoid multiple identical macro definitions; this is perfectly legal C, and even with the maximal warning options enabled, gcc does not issue any warning for it.
* support _BSD_SOURCE feature test macroRich Felker2012-05-221-3/+17
| | | | | patch by Isaac Dunham. matched closely (maybe not exact) to glibc's idea of what _BSD_SOURCE should make visible.
* move getpass decl to the right placeRich Felker2012-05-201-0/+1
|
* add support for ugly *64 functions with _LARGEFILE64_SOURCERich Felker2012-05-041-0/+10
| | | | | | | | | | | | | | | | musl does not support legacy 32-bit-off_t whatsoever. off_t is always 64 bit, and correct programs that use off_t and the standard functions will just work out of the box. (on glibc, they would require -D_FILE_OFFSET_BITS=64 to work.) however, some programs instead define _LARGEFILE64_SOURCE and use alternate versions of all the standard types and functions with "64" appended to their names. we do not want code to actually get linked against these functions (it's ugly and inconsistent), so macros are used instead of prototypes with weak aliases in the library itself. eventually the weak aliases may be added at the library level for the sake of using code that was originally built against glibc, but the macros will still be the desired solution in the headers.
* implement getusershell, etc. legacy functionsRich Felker2012-04-221-0/+3
| | | | | I actually wrote these a month ago but forgot to integrate them. ugly, probably-harmful-to-use functions, but some legacy apps want them...
* getdtablesize is not standard; move it to its correct spot in unistd.hRich Felker2012-04-221-1/+1
|
* add getresuid and getresgid syscall wrappersRich Felker2012-04-221-0/+2
|
* legacy junk compatibility grab-bagRich Felker2012-04-181-0/+2
| | | | | | - add the rest of the junk traditionally in sys/param.h - add prototypes for some nonstandard functions - add _GNU_SOURCE to their source files so the compiler can check proto
* add get_current_dir_name functionRich Felker2012-02-171-0/+1
|
* fix various errors in function signatures/prototypes found by nszRich Felker2011-09-131-3/+3
|
* implement forkallRich Felker2011-08-121-0/+1
| | | | | | | | | | | | this is a "nonstandard" function that was "rejected" by POSIX, but nonetheless had its behavior documented in the POSIX rationale for fork. it's present on solaris and possibly some other systems, and duplicates the whole calling process, not just a single thread. glibc does not have this function. it should not be used in programs intending to be portable, but may be useful for testing, checkpointing, etc. and it's an interesting (and quite small) example of the usefulness of the __synccall framework originally written to work around deficiencies in linux's setuid syscall.
* correct variadic prototypes for execl* familyRich Felker2011-04-271-3/+3
| | | | | the old versions worked, but conflicted with programs which declared their own prototypes and generated warnings with some versions of gcc.
* fix prototypes/signature for setgroups, etc.Rich Felker2011-04-131-1/+1
|
* prototype getdtablesize (nonstandard function)Rich Felker2011-04-031-0/+1
|
* add setresuid/setresgid functions (nonstandard)Rich Felker2011-04-031-0/+2
|
* remove obsolete and useless useconds_t typeRich Felker2011-04-011-3/+2
|
* implement fexecveRich Felker2011-02-271-0/+1
|
* prototypes for brk and sbrkRich Felker2011-02-191-0/+2
|
* feature test support in unistd.hRich Felker2011-02-151-23/+27
|