Re: lintian: shlib-read-write-env




On Tue, Jan 31, 2017 at 4:56 PM, Christian Seiler <christian@xxxxxxxx> wrote:
> On 01/31/2017 04:49 PM, Ben Hutchings wrote:
>> On Tue, 2017-01-31 at 14:23 +0100, Christian Seiler wrote:
>>> On 01/31/2017 11:15 AM, Mathieu Malaterre wrote:
>>>> I'd like to discuss addition of a new lintian check for
>>>> getenv/setenv/putenv used in shared libraries.
>>>
>>> Why getenv() though? It just reads the environment.
>>> From what you link yourself:
>>>> The getenv and secure_getenv functions can be safely used in
>>>> multi-threaded programs.
>> [...]
>>
>> But it returns a pointer to the value, which might be freed by another
>> thread before it is used.  If there were a reader function that copied
>> the value to a caller-provided buffer, it could be properly thread-
>> safe.
>
> But that's only a problem if you call setenv() or similar in a
> different thread, which you shouldn't do.
>
> getenv() is only unsafe if the environment is modified, a library
> using getenv() in a program that follows libc's guidelines to not
> call setenv() in an MT-context is perfectly fine.

That was precisely my point. Usage of `getenv` even from a
multithreaded program (see demo code I sent) can only lead to a crash in
case another thread (same process) is calling `setenv` (or
equivalent). I had a security concern, but this discussion proved it is
impossible to exploit.

-M
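
The reader function suggested earlier in the thread, one that copies the value into a caller-provided buffer, as an added C sketch (not code from this thread, from glibc or from lintian). `env_get_copy`, `env_set_locked`, `env_lock` and `DEMO_VAR` are hypothetical names, and the lock only protects a process in which every environment access goes through these wrappers.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers, not libc: every env access must go through them. */
static pthread_mutex_t env_lock = PTHREAD_MUTEX_INITIALIZER;
static const char *const VALS[2] = { "short", "a-much-longer-value" }; /* constructed */

/* Copy under the lock. Returns length, -1 if unset, -2 if buf is too small. */
int env_get_copy(const char *name, char *buf, size_t buflen) {
    int rc = -1;
    pthread_mutex_lock(&env_lock);
    const char *v = getenv(name);   /* pointer is only trusted under the lock */
    size_t n = v ? strlen(v) : 0;
    if (v && n < buflen) { memcpy(buf, v, n + 1); rc = (int)n; }
    else if (v) rc = -2;
    pthread_mutex_unlock(&env_lock);
    return rc;
}

int env_set_locked(const char *name, const char *value) {
    pthread_mutex_lock(&env_lock);
    int rc = setenv(name, value, 1);
    pthread_mutex_unlock(&env_lock);
    return rc;
}

/* Constructed demo: the writer thread flips DEMO_VAR between two values. */
static void *writer(void *arg) {
    (void)arg;
    for (int i = 0; i < 20000; i++) env_set_locked("DEMO_VAR", VALS[i & 1]);
    return NULL;
}

/* Returns how many copied reads were not one of the two written values. */
int stress_bad_reads(void) {
    char buf[64];
    int bad = 0;
    pthread_t t;
    env_set_locked("DEMO_VAR", VALS[0]);
    if (pthread_create(&t, NULL, writer, NULL) != 0) return -1;
    for (int i = 0; i < 20000; i++) {
        int n = env_get_copy("DEMO_VAR", buf, sizeof buf);
        if (n < 0 || (strcmp(buf, VALS[0]) != 0 && strcmp(buf, VALS[1]) != 0)) bad++;
    }
    pthread_join(t, NULL);
    return bad;
}
```

A library that calls plain `getenv()` elsewhere in the same process bypasses `env_lock`, so the wrapper does not change the guideline quoted in the thread: do not modify the environment once threads are running.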