On Tue, Jan 31, 2017 at 4:56 PM, Christian Seiler <christ...@iwakd.de> wrote:
> On 01/31/2017 04:49 PM, Ben Hutchings wrote:
>> On Tue, 2017-01-31 at 14:23 +0100, Christian Seiler wrote:
>>> On 01/31/2017 11:15 AM, Mathieu Malaterre wrote:
>>>> I'd like to discuss addition of new lintian checks for
>>>> getenv/setenv/putenv used in shared libraries.
>>>
>>> Why getenv() though? It just reads the environment.
>>> From what you link yourself:
>>>> The getenv and secure_getenv functions can be safely used in
>>>> multi-threaded programs.
>> [...]
>>
>> But it returns a pointer to the value, which might be freed by another
>> thread before it is used. If there were a reader function that copied
>> the value to a caller-provided buffer, it could be properly
>> thread-safe.
>
> But that's only a problem if you call setenv() or similar in a
> different thread, which you shouldn't do.
>
> getenv() is only unsafe if the environment is modified, a library
> using getenv() in a program that follows libc's guidelines to not
> call setenv() in an MT-context is perfectly fine.
That was precisely my point. Usage of `getenv` even from a multithreaded program (see demo code I sent) can only lead to a crash in case another thread (same process) is calling `setenv` (or equivalent). I had a security concern, but this discussion proved it is impossible to exploit.

-M
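As an added illustration of the discipline Ben and Christian describe (this is not code from the thread, from lintian or from glibc; the wrapper names `env_get_copy`/`env_set`, the `env_lock` mutex and the variable name `DEMO_ENV_VAR` are assumptions made for the example): the program serializes every read and write of the environment through one process-wide lock, and readers get a copy in a caller-provided buffer instead of a pointer into `environ`, so nothing a later `setenv()` frees is ever held across the unlock. The race demo runs a writer thread that flips the value and a reader thread that checks every copy is one of the two known values; with the lock in place it reports zero bad copies. The caveat is the one the thread makes: the lock only helps if all modifications go through it. A shared library that calls raw `setenv()`/`putenv()` bypasses it entirely, which is why such calls are what the proposed lintian check would flag.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed convention for this example: every getenv()/setenv() in the
 * program goes through these two wrappers, so the lock covers both the
 * lookup and the copy, and a concurrent writer can never free the value
 * while a reader is still using it. */
static pthread_mutex_t env_lock = PTHREAD_MUTEX_INITIALIZER;

/* Copy the value of NAME into BUF (capacity BUFSZ) while holding the lock.
 * Returns the value length, -1 if NAME is unset, -2 if BUF is too small.
 * The caller owns BUF, so the result stays valid after the unlock. */
int env_get_copy(const char *name, char *buf, size_t bufsz)
{
    int rc;
    pthread_mutex_lock(&env_lock);
    const char *v = getenv(name);          /* pointer valid only under the lock */
    if (v == NULL) {
        rc = -1;
    } else {
        size_t n = strlen(v);
        if (n + 1 > bufsz) {
            rc = -2;
        } else {
            memcpy(buf, v, n + 1);         /* take the copy before unlocking */
            rc = (int)n;
        }
    }
    pthread_mutex_unlock(&env_lock);
    return rc;
}

/* Serialized setenv(): the only way this program modifies the environment. */
int env_set(const char *name, const char *value)
{
    pthread_mutex_lock(&env_lock);
    int rc = setenv(name, value, 1);
    pthread_mutex_unlock(&env_lock);
    return rc;
}

/* Set NAME to VALUE and read it back through env_get_copy().
 * Returns the copied length, or -1 if anything did not round-trip. */
int env_roundtrip(const char *name, const char *value)
{
    char buf[256];
    if (env_set(name, value) != 0)
        return -1;
    int n = env_get_copy(name, buf, sizeof buf);
    if (n < 0 || strcmp(buf, value) != 0)
        return -1;
    return n;
}

/* Constructed variable name and values for the race demo (assumptions). */
#define DEMO_VAR "DEMO_ENV_VAR"
static const char *demo_values[2] = { "first-value", "second-value-longer" };

struct race_args { int iterations; int bad; };

/* Writer: keeps replacing the value, so the old string gets freed. */
static void *writer(void *p)
{
    struct race_args *a = p;
    for (int i = 0; i < a->iterations; i++)
        env_set(DEMO_VAR, demo_values[i & 1]);
    return NULL;
}

/* Reader: every copy must be one of the two known values; anything else
 * would be the torn or freed data an unlocked getenv() could hand back. */
static void *reader(void *p)
{
    struct race_args *a = p;
    char buf[64];
    for (int i = 0; i < a->iterations; i++) {
        int n = env_get_copy(DEMO_VAR, buf, sizeof buf);
        if (n < 0)
            continue;                      /* not set yet at this instant */
        if (strcmp(buf, demo_values[0]) != 0 && strcmp(buf, demo_values[1]) != 0)
            a->bad++;
    }
    return NULL;
}

/* Runs writer and reader concurrently; returns the number of corrupted
 * copies the reader observed (0 with the lock), or -1 if a thread failed. */
int run_race_demo(int iterations)
{
    struct race_args w = { iterations, 0 }, r = { iterations, 0 };
    pthread_t tw, tr;
    if (pthread_create(&tw, NULL, writer, &w) != 0)
        return -1;
    if (pthread_create(&tr, NULL, reader, &r) != 0) {
        pthread_join(tw, NULL);
        return -1;
    }
    pthread_join(tw, NULL);
    pthread_join(tr, NULL);
    return r.bad;
}

int main(void)
{
    printf("roundtrip length: %d\n", env_roundtrip(DEMO_VAR, "hello"));
    printf("bad copies seen:  %d\n", run_race_demo(100000));
    return 0;
}
```

Build with `cc -pthread` on older glibc; on glibc 2.34 and later `pthread_create` lives in libc itself. Removing the lock from `env_get_copy` turns the demo back into the scenario Mathieu's demo code showed: the reader can dereference a value the writer has already freed.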