Web lists-archives.com

Re: lintian: shlib-read-write-env




On Tue, 2017-01-31 at 14:23 +0100, Christian Seiler wrote:
> On 01/31/2017 11:15 AM, Mathieu Malaterre wrote:
> > I'd like to discuss addition of a new lintian checks for
> > getenv/setenv/putenv used in shared libraries.
> 
> Why getenv() though? It just reads the environment.
> > From what you link yourself:
> > The getenv and secure_getenv functions can be safely used in
> > multi-threaded programs.
[...]

But it returns a pointer to the value, which might be freed by another
thread before it is used.  If there were a reader function that copied
the value to a caller-provided buffer, it could be properly thread-
safe.

(The C library could also make getenv() thread-safe by maintaining a
per-thread cache of the environment and returning a pointer into that. 
But portable software still couldn't assume this.)

Ben.

-- 
Ben Hutchings
It is easier to write an incorrect program than to understand a correct
one.

Attachment: signature.asc
Description: This is a digitally signed message part