From nobody Sat Mar 25 17:08:10 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PkQWb3n8Tz41S45; Sat, 25 Mar 2023 17:08:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PkQWb0bTHz4JJ0; Sat, 25 Mar 2023 17:08:11 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1679764091; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OzhJFfeP0m8vPIlbrmUisfJUZQUfHVLylrb1vi5rUuw=; b=VBIYto5BkvxVBGFneJ+JbWO1JcrC375XihFbi6b1LiO+srhc2BnKIAkZJm/bGub5QKHPsA 0pNokMNutIVV47Rvb8/RP6UwYfBiU2/wQ5cBxpTzPFi3zzrNUsjV7rZa7pMNgEmFcv+n6I LKKzUMVr22OlbA9fa53QYjrYkz9D+ipLQ/ofxcPwWZ52lpwMlQ3HNKbwN6g4vNx8oGCHfu MZHbUfn2dhXryoMkSAKMUyeu43TaYS6NxOB8PLDL+ZGnF1e70SWCKyGDFMDGx9CHpo7Ce2 r7xdS+2Z8+1alzlyTcwTTQ+peh58gmAhYqaXAaf9tl390mQb4fL3kPHN4NBJCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1679764091; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OzhJFfeP0m8vPIlbrmUisfJUZQUfHVLylrb1vi5rUuw=; b=OxICWBnC12cdHpUQvlYXj5b2ur+MHoghlgzLSeT3QPpXeLNjb5QXJ3RxF7sf/AmbVSNqSE 2ZoLavkIlqEVCqr85JH3xMd0PuYrvjS9V+eENZctN4J1HjqdKPFRgfGTo+zjJ6BBrJJrAx PAQb0JJ0w8+gP1WmhOL9jtxaPsjqiGXjnTZAQ1McFLYs62Mvk1VYYmsVcysXa9EftQAShg mnXLksVbxRMz0mmpo1qM+0FYaV3cMemhYMZRVXbLUuO4aKVegqtFfRkmYkWqig1gL6rCO8 DMQesGK/Eby0w/eyKdX7/NM0a62crHRWsGk8hl8NYO3n9MN1Lk0hLuxXSWlVgg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1679764091; a=rsa-sha256; cv=none; b=UnOXY+LuUX5EKZe1nfmuTNjmgjn7rmYeeHciokgTyBNFAVI2V9k0spDN8hpBuwuc1uzHb9 66VozIEoun2mo+AJBj3WZxYaqEn0ajUlfOh9Ktv1TA3U0hMjdpB6Ly/pbe+FoSoLP1Mxrk 0UPwzGLM9SWrSzYYIR7dDUstdX31p03LK5C5iN7Yfd2wtu75yq0C4LSmJaH7rexw4b5OUO rmRRPlmKqEVUm2ilOEKPuJergrQCmzKivnFULsAAP6DO8NrOImo10MAfQKlS4HOWsyEYfu t/+/YHCiHRBN9ktoBKrqPzHSYD/xV/rg6vkwdg44Qx7lyDL2SaQIaL/iRq5/Vw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PkQWZ6lWCz16Fp; Sat, 25 Mar 2023 17:08:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 32PH8AtL079159; Sat, 25 Mar 2023 17:08:10 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 32PH8AUp079158; Sat, 25 Mar 2023 17:08:10 GMT (envelope-from git) Date: Sat, 25 Mar 2023 17:08:10 GMT Message-Id: <202303251708.32PH8AUp079158@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Warner Losh Subject: git: d5df26858420 - main - secure_getenv: Improve documentation wording List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: imp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d5df268584209c448d2e3f344b8b15c944e48b82 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=d5df268584209c448d2e3f344b8b15c944e48b82 commit d5df268584209c448d2e3f344b8b15c944e48b82 Author: Warner Losh AuthorDate: 2023-03-14 17:02:07 +0000 Commit: Warner Losh CommitDate: 2023-03-25 17:06:13 +0000 secure_getenv: Improve documentation wording Improve the documentation wording to be more consistent with FreeBSD manual pages. Suggested by: mjg (though reworded) Sponsored by: Netflix --- lib/libc/stdlib/getenv.3 | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/lib/libc/stdlib/getenv.3 b/lib/libc/stdlib/getenv.3 index 93c0d2ada6ad..46736635da47 100644 --- a/lib/libc/stdlib/getenv.3 +++ b/lib/libc/stdlib/getenv.3 @@ -32,7 +32,7 @@ .\" @(#)getenv.3 8.2 (Berkeley) 12/11/93 .\" $FreeBSD$ .\" -.Dd March 13, 2023 +.Dd March 14, 2023 .Dt GETENV 3 .Os .Sh NAME @@ -81,19 +81,16 @@ to by the .Fn getenv function. .Pp -The GNU-specific function, -.Fn secure_getenv -wraps the -.Fn getenv -function to prevent it from being run in "secure execution". -Unlike in glibc, +The .Fn secure_getenv -only checks if the -.Fa setuid -and -.Fa setgid -bits have been set or changed. -These checks are subject to extension and change. +returns +.Va NULL +when the environment cannot be trusted, otherwise it acts like +.Fn getenv . +The environment currently is not trusted when +.Xr issetugid 3 +returns a non-zero value, but other conditions may be added +in the future. .Pp The .Fn setenv @@ -222,6 +219,9 @@ and .Fn unsetenv functions conforms to .St -p1003.1-2001 . +The +.Fn secure_getenv +function is expected to be glibc-compatible. .Sh HISTORY The functions .Fn setenv @@ -249,7 +249,9 @@ specification. .Pp The .Fn clearenv -was added in +and +.Fn secure_getenv +functions were added in .Fx 14 . .Sh BUGS Successive calls to