
std::env uses getenv instead of secure_getenv #92558

Open
@briansmith

Description

Contributor

The glibc manual at https://www.gnu.org/software/libc/manual/html_node/Environment-Access.html#Environment-Access says:

> Libraries should use secure_getenv instead of getenv, so that they do not accidentally use untrusted environment variables.

libstd is a library, and many (most?) Rust crates are libraries, so it seems like we either should follow glibc's advice and use secure_getenv, or we should document a clear rationale for going against its advice.

See

```rust
let s = libc::getenv(k.as_ptr()) as *const libc::c_char;
```

musl 1.1.24+ and glibc 2.17+ both support secure_getenv so I suggest we just assume any libc on Linux has it.

Activity


est31 commented on Jan 4, 2022

Member

The difference is explained in the linked doc:

> This function is similar to getenv, but it returns a null pointer if the environment is untrusted. This happens when the program file has SUID or SGID bits set. General-purpose libraries should always prefer this function over getenv to avoid vulnerabilities if the library is referenced from a SUID/SGID program.

I think that concern is legitimate.
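The behaviour discussed above, as an added example that is not part of the thread and not code from rust-lang/rust: a Linux-only wrapper that reads a variable through `secure_getenv` and reports the kernel's `AT_SECURE` flag, which is what libc consults to decide whether the environment is untrusted. The helper names `at_secure` and `secure_var_os` are hypothetical, and the FFI declarations assume a libc that exports `secure_getenv` and `getauxval` (glibc 2.17+ or musl 1.1.24+).

```rust
// Added example (assumption: Linux with glibc 2.17+ or musl 1.1.24+).
use std::ffi::{CStr, CString, OsString};
use std::os::raw::{c_char, c_ulong};
use std::os::unix::ffi::OsStringExt;

unsafe extern "C" {
    fn secure_getenv(name: *const c_char) -> *mut c_char;
    fn getauxval(kind: c_ulong) -> c_ulong;
}

/// AT_SECURE from <elf.h>: nonzero when the kernel marked this exec as
/// privilege-elevating (for example a set-user-ID or set-group-ID binary).
const AT_SECURE: c_ulong = 23;

/// Hypothetical helper: true when the process runs in "secure execution" mode.
pub fn at_secure() -> bool {
    // SAFETY: getauxval only reads the process's auxiliary vector.
    unsafe { getauxval(AT_SECURE) != 0 }
}

/// Hypothetical helper: like `std::env::var_os`, but backed by `secure_getenv`,
/// so it yields `None` for every variable when the environment is untrusted.
pub fn secure_var_os(key: &str) -> Option<OsString> {
    // A name containing an interior NUL cannot exist in the environment.
    let key = CString::new(key).ok()?;
    // SAFETY: `key` is NUL-terminated. The returned pointer aliases `environ`,
    // so the bytes are copied immediately. Unlike std, this takes no lock:
    // a concurrent `set_var` on another thread would be a data race.
    unsafe {
        let p = secure_getenv(key.as_ptr());
        if p.is_null() {
            None
        } else {
            Some(OsString::from_vec(CStr::from_ptr(p).to_bytes().to_vec()))
        }
    }
}

fn main() {
    println!("AT_SECURE set: {}", at_secure());
    // Variables a library might consult; compare both lookup paths.
    for key in ["PATH", "TMPDIR"] {
        let plain = std::env::var_os(key); // getenv-backed, as in the issue
        let secure = secure_var_os(key);
        println!("{key}: getenv={plain:?} secure_getenv={secure:?}");
    }
}
```

In an ordinary process both columns match; when the same binary is installed set-user-ID and run by another user, the `secure_getenv` column is `None` for every variable while the `getenv` column still shows the caller-controlled values.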

added a commit that references this issue on Sep 29, 2023

Auto merge of #3304 - CuriouslyCurious:secure_getenv_linux, r=JohnTitor

added `A-security` (Area: Security (example: address space layout randomization).) `T-libs` (Relevant to the library team, which will review and decide on the PR/issue.) and removed on Jan 26, 2024


Labels

- A-process: Area: `std::process` and `std::env`
- A-security: Area: Security (example: address space layout randomization).
- C-bug: Category: This is a bug.
- T-libs: Relevant to the library team, which will review and decide on the PR/issue.


Participants

@briansmith @ChrisDenton @est31 @fmease @workingjubilee
