1GETENV(3) Linux Programmer's Manual GETENV(3)
2
3
4
6 getenv, secure_getenv - get an environment variable
7
9 #include <stdlib.h>
10
11 char *getenv(const char *name);
12 char *secure_getenv(const char *name);
13
14 Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
15
16 secure_getenv():
17 _GNU_SOURCE
18
20 The getenv() function searches the environment list to find the envi‐
21 ronment variable name, and returns a pointer to the corresponding value
22 string.
23
24 The GNU-specific secure_getenv() function is just like getenv() except
25 that it returns NULL in cases where "secure execution" is required.
26 Secure execution is required if one of the following conditions was
27 true when the program run by the calling process was loaded:
28
29 * the process's effective user ID did not match its real user ID or
30 the process's effective group ID did not match its real group ID
31 (typically this is the result of executing a set-user-ID or set-
32 group-ID program);
33
34 * the effective capability bit was set on the executable file; or
35
36 * the process has a nonempty permitted capability set.
37
38 Secure execution may also be required if triggered by some Linux secu‐
39 rity modules.
40
41 The secure_getenv() function is intended for use in general-purpose li‐
42 braries to avoid vulnerabilities that could occur if set-user-ID or
43 set-group-ID programs accidentally trusted the environment.
44
46 The getenv() function returns a pointer to the value in the environ‐
47 ment, or NULL if there is no match.
48
50 secure_getenv() first appeared in glibc 2.17.
51
53 For an explanation of the terms used in this section, see at‐
54 tributes(7).
55
56 ┌────────────────────────────────────────┬───────────────┬─────────────┐
57 │Interface │ Attribute │ Value │
58 ├────────────────────────────────────────┼───────────────┼─────────────┤
59 │getenv(), secure_getenv() │ Thread safety │ MT-Safe env │
60 └────────────────────────────────────────┴───────────────┴─────────────┘
61
63 getenv(): POSIX.1-2001, POSIX.1-2008, C89, C99, SVr4, 4.3BSD.
64
65 secure_getenv() is a GNU extension.
66
68 The strings in the environment list are of the form name=value.
69
70 As typically implemented, getenv() returns a pointer to a string within
71 the environment list. The caller must take care not to modify this
72 string, since that would change the environment of the process.
73
74 The implementation of getenv() is not required to be reentrant. The
75 string pointed to by the return value of getenv() may be statically al‐
76 located, and can be modified by a subsequent call to getenv(),
77 putenv(3), setenv(3), or unsetenv(3).
78
79 The "secure execution" mode of secure_getenv() is controlled by the
80 AT_SECURE flag contained in the auxiliary vector passed from the kernel
81 to user space.
82
84 clearenv(3), getauxval(3), putenv(3), setenv(3), unsetenv(3), capabili‐
85 ties(7), environ(7)
86
88 This page is part of release 5.12 of the Linux man-pages project. A
89 description of the project, information about reporting bugs, and the
90 latest version of this page, can be found at
91 https://www.kernel.org/doc/man-pages/.
92
93
94
95GNU 2021-03-22 GETENV(3)