How to use secure_getenv

In glibc 2.17, __secure_getenv was renamed to secure_getenv. Old applications continue to run unchanged, but some care is required to ensure that source code can be compiled with all glibc versions.

Using autoconf

If you use autoconf, you need the following directives in your configure.in or configure.ac file:

AC_GNU_SOURCE
AC_CHECK_FUNCS([__secure_getenv secure_getenv])

Instead of AC_GNU_SOURCE, you can use AC_USE_SYSTEM_EXTENSIONS (introduced in autoconf 2.60).

In the file which uses secure_getenv, include the following preprocessor directives:

#include <stdlib.h>

#ifndef HAVE_SECURE_GETENV
#  ifdef HAVE___SECURE_GETENV
#    define secure_getenv __secure_getenv
#  else
#    error neither secure_getenv nor __secure_getenv is available
#  endif
#endif

Instead of the #error directive, you could include emulation code which compares getuid() with geteuid() and getgid() with getegid(), but such emulation is necessarily brittle.

The manual way

1. Define _GNU_SOURCE when compiling the relevant source code files.

2. Use secure_getenv if it is available (in <stdlib.h> or as a linker symbol). Fall back to __secure_getenv if it is not.

The auxiliary vector

If you only need to check if the process was created with a non-trusted environment, you can use getauxval (introduced in glibc 2.16) to obtain the value of the AT_SECURE flag. This supersedes the (unsupported) __libc_enable_secure variable.