[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: lintian: shlib-read-write-env

On Tue, 2017-01-31 at 14:23 +0100, Christian Seiler wrote:
> On 01/31/2017 11:15 AM, Mathieu Malaterre wrote:
> > I'd like to discuss addition of a new lintian checks for
> > getenv/setenv/putenv used in shared libraries.
> Why getenv() though? It just reads the environment.
> > From what you link yourself:
> > The getenv and secure_getenv functions can be safely used in
> > multi-threaded programs.

But it returns a pointer to the value, which might be freed by another
thread before it is used.  If there were a reader function that copied
the value to a caller-provided buffer, it could be properly thread-

(The C library could also make getenv() thread-safe by maintaining a
per-thread cache of the environment and returning a pointer into that. 
But portable software still couldn't assume this.)


Ben Hutchings
It is easier to write an incorrect program than to understand a correct

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: