.\" Copyright 1993 David Metcalfe (david@prism.demon.co.uk)
+.\" and Copyright (C) 2007, 2012 Michael Kerrisk <mtk.manpages@gmail.com>
.\"
+.\" %%%LICENSE_START(VERBATIM)
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\" manual under the conditions for verbatim copying, provided that the
.\" entire resulting derived work is distributed under the terms of a
.\" permission notice identical to this one.
-.\"
+.\"
.\" Since the Linux kernel and libraries are constantly changing, this
.\" manual page may be incorrect or out-of-date. The author(s) assume no
.\" responsibility for errors or omissions, or for damages resulting from
.\" have taken the same level of care in the production of this manual,
.\" which is licensed free of charge, as they might when working
.\" professionally.
-.\"
+.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
+.\" %%%LICENSE_END
.\"
.\" References consulted:
.\" Linux libc source code
-.\" Lewine's _POSIX Programmer's Guide_ (O'Reilly & Associates, 1991)
+.\" Lewine's "POSIX Programmer's Guide" (O'Reilly & Associates, 1991)
.\" 386BSD man pages
.\" Modified Sat Jul 24 19:30:29 1993 by Rik Faith (faith@cs.unc.edu)
.\" Modified Fri Feb 14 21:47:50 1997 by Andries Brouwer (aeb@cwi.nl)
.\"
-.TH GETENV 3 1993-04-03 "GNU" "Linux Programmer's Manual"
+.TH GETENV 3 2017-09-15 "GNU" "Linux Programmer's Manual"
.SH NAME
-getenv \- get an environment variable
+getenv, secure_getenv \- get an environment variable
.SH SYNOPSIS
.nf
.B #include <stdlib.h>
-.sp
+.PP
.BI "char *getenv(const char *" name );
+.PP
+.BI "char *secure_getenv(const char *" name );
.fi
+.PP
+.in -4n
+Feature Test Macro Requirements for glibc (see
+.BR feature_test_macros (7)):
+.in
+.PP
+.BR secure_getenv ():
+_GNU_SOURCE
.SH DESCRIPTION
-The \fBgetenv()\fP function searches the environment list for a string
-that matches the string pointed to by \fIname\fP. The strings are of
-the form \fIname = value\fP.
-.SH "RETURN VALUE"
-The \fBgetenv()\fP function returns a pointer to the value in the
+The
+.BR getenv ()
+function searches the environment list to find the
+environment variable
+.IR name ,
+and returns a pointer to the corresponding
+.I value
+string.
+.PP
+The GNU-specific
+.BR secure_getenv ()
+function is just like
+.BR getenv ()
+except that it returns NULL in cases where "secure execution" is required.
+Secure execution is required if one of the following conditions
+was true when the program run by the calling process was loaded:
+.IP * 3
+the process's effective user ID did not match its real user ID or
+the process's effective group ID did not match its real group ID
+(typically this is the result of executing a set-user-ID or
+set-group-ID program);
+.IP *
+the effective capability bit was set on the executable file; or
+.IP *
+the process has a nonempty permitted capability set.
+.PP
+Secure execution may also be required if triggered
+by some Linux security modules.
+.PP
+The
+.BR secure_getenv ()
+function is intended for use in general-purpose libraries
+to avoid vulnerabilities that could occur if
+set-user-ID or set-group-ID programs accidentally
+trusted the environment.
+.SH RETURN VALUE
+The
+.BR getenv ()
+function returns a pointer to the value in the
environment, or NULL if there is no match.
-.SH "CONFORMING TO"
-SVID 3, POSIX, BSD 4.3, ISO 9899
-.SH "SEE ALSO"
+.SH VERSIONS
+.BR secure_getenv ()
+first appeared in glibc 2.17.
+.SH ATTRIBUTES
+For an explanation of the terms used in this section, see
+.BR attributes (7).
+.TS
+allbox;
+lbw25 lb lb
+l l l.
+Interface Attribute Value
+T{
+.BR getenv (),
+.BR secure_getenv ()
+T} Thread safety MT-Safe env
+.TE
+.SH CONFORMING TO
+.BR getenv ():
+POSIX.1-2001, POSIX.1-2008, C89, C99, SVr4, 4.3BSD.
+.PP
+.BR secure_getenv ()
+is a GNU extension.
+.SH NOTES
+The strings in the environment list are of the form \fIname=value\fP.
+.PP
+As typically implemented,
+.BR getenv ()
+returns a pointer to a string within the environment list.
+The caller must take care not to modify this string,
+since that would change the environment of the process.
+.PP
+The implementation of
+.BR getenv ()
+is not required to be reentrant.
+The string pointed to by the return value of
+.BR getenv ()
+may be statically allocated,
+and can be modified by a subsequent call to
+.BR getenv (),
+.BR putenv (3),
+.BR setenv (3),
+or
+.BR unsetenv (3).
+.PP
+The "secure execution" mode of
+.BR secure_getenv ()
+is controlled by the
+.B AT_SECURE
+flag contained in the auxiliary vector passed from the kernel to user space.
+.SH SEE ALSO
.BR clearenv (3),
+.BR getauxval (3),
.BR putenv (3),
.BR setenv (3),
.BR unsetenv (3),
-.BR environ (5)
+.BR capabilities (7),
+.BR environ (7)
projects / thirdparty / man-pages.git / blobdiff