secure_getenv(3)

1GETENV(3)                  Linux Programmer's Manual                 GETENV(3)
2
3
4

NAME

6       getenv, secure_getenv - get an environment variable
7

SYNOPSIS

9       #include <stdlib.h>
10
11       char *getenv(const char *name);
12       char *secure_getenv(const char *name);
13
14   Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
15
16       secure_getenv():
17           _GNU_SOURCE
18

DESCRIPTION

20       The  getenv()  function searches the environment list to find the envi‐
21       ronment variable name, and returns a pointer to the corresponding value
22       string.
23
24       The  GNU-specific secure_getenv() function is just like getenv() except
25       that it returns NULL in cases where  "secure  execution"  is  required.
26       Secure  execution  is  required  if one of the following conditions was
27       true when the program run by the calling process was loaded:
28
29       *  the process's effective user ID did not match its real  user  ID  or
30          the  process's  effective  group  ID did not match its real group ID
31          (typically this is the result of executing  a  set-user-ID  or  set-
32          group-ID program);
33
34       *  the effective capability bit was set on the executable file; or
35
36       *  the process has a nonempty permitted capability set.
37
38       Secure  execution may also be required if triggered by some Linux secu‐
39       rity modules.
40
41       The secure_getenv() function is intended for use in general-purpose li‐
42       braries  to  avoid  vulnerabilities  that could occur if set-user-ID or
43       set-group-ID programs accidentally trusted the environment.
44

RETURN VALUE

46       The getenv() function returns a pointer to the value  in  the  environ‐
47       ment, or NULL if there is no match.
48

VERSIONS

50       secure_getenv() first appeared in glibc 2.17.
51

ATTRIBUTES

53       For  an  explanation  of  the  terms  used  in  this  section,  see at‐
54       tributes(7).
55
56       ┌────────────────────────────────────────┬───────────────┬─────────────┐
57       │Interface                               │ Attribute     │ Value       │
58       ├────────────────────────────────────────┼───────────────┼─────────────┤
59       │getenv(), secure_getenv()               │ Thread safety │ MT-Safe env │
60       └────────────────────────────────────────┴───────────────┴─────────────┘
61

CONFORMING TO

63       getenv(): POSIX.1-2001, POSIX.1-2008, C89, C99, SVr4, 4.3BSD.
64
65       secure_getenv() is a GNU extension.
66

NOTES

68       The strings in the environment list are of the form name=value.
69
70       As typically implemented, getenv() returns a pointer to a string within
71       the  environment  list.   The  caller must take care not to modify this
72       string, since that would change the environment of the process.
73
74       The implementation of getenv() is not required to  be  reentrant.   The
75       string pointed to by the return value of getenv() may be statically al‐
76       located, and  can  be  modified  by  a  subsequent  call  to  getenv(),
77       putenv(3), setenv(3), or unsetenv(3).
78
79       The  "secure  execution"  mode  of secure_getenv() is controlled by the
80       AT_SECURE flag contained in the auxiliary vector passed from the kernel
81       to user space.
82

COLOPHON

88       This page is part of release 5.13 of the Linux  man-pages  project.   A
89       description  of  the project, information about reporting bugs, and the
90       latest    version    of    this    page,    can     be     found     at
91       https://www.kernel.org/doc/man-pages/.
92
93
94
95GNU                               2021-03-22                         GETENV(3)