This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] tzset robustness [BZ#17715]
- From: Rich Felker <dalias at libc dot org>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: Paul Eggert <eggert at cs dot ucla dot edu>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Sun, 25 Jan 2015 01:21:27 -0500
- Subject: Re: [PATCH] tzset robustness [BZ#17715]
- Authentication-results: sourceware.org; auth=none
- References: <54B6E99E dot 4030109 at redhat dot com> <20150115133911 dot GR4574 at brightrain dot aerifal dot cx> <54B7C493 dot 5020506 at redhat dot com> <20150115140208 dot GS4574 at brightrain dot aerifal dot cx> <54B9742E dot 3060301 at redhat dot com> <54BE5589 dot 3080802 at redhat dot com> <20150120151434 dot GG4574 at brightrain dot aerifal dot cx> <54BE761D dot 5000808 at redhat dot com> <54BE7BD5 dot 9080405 at cs dot ucla dot edu> <54C0C8F1 dot 6000705 at redhat dot com>
On Thu, Jan 22, 2015 at 10:54:57AM +0100, Florian Weimer wrote:
> On 01/20/2015 05:01 PM, Paul Eggert wrote:
> > Florian Weimer wrote:
> >> This seems to suggest that the glibc behavior is non-compliant.
> >
> > No, because POSIX reserves the environment variable name TZDIR for the
> > implementation (just as it reserves all upper-case-only names).
>
> Hmm. Does that mean that scrubbing TZ and TZDIR in AT_SECURE mode would
> also be compliant?
No. Silently removing or modifying env vars is never compliant.
Rich