[PATCH] Define secure_getenv (v2)

Carlos O'Donell carlos_odonell@mentor.com
Thu Jul 19 15:46:00 GMT 2012 

On 7/19/2012 11:31 AM, Florian Weimer wrote:
> I think I've incorporated the feedback so far.  Static linking indeed helps to run the test case.  Not sure if I should make it an xtest, but supplementary groups are very common.

No, leave it in the normal set of tests for now.

We'll get feedback soon enough from developers if they have problems running the test.

Based on the feedback we'll decide if it should go into xtest.
 
> The libc symbol situation looks like this now:
> 
>    612: 0000000000037930    27 FUNC    GLOBAL DEFAULT   12
>         __libc_secure_getenv@@GLIBC_PRIVATE
>    852: 0000000000037930    27 FUNC    GLOBAL DEFAULT   12
>         __secure_getenv@GLIBC_2.2.5
>   1704: 0000000000037930    27 FUNC    WEAK   DEFAULT   12
>         secure_getenv@@GLIBC_2.17
>   4648: 0000000000037930    27 FUNC    LOCAL  DEFAULT   12
>         __GI_secure_getenv
>   6817: 0000000000037930    27 FUNC    GLOBAL DEFAULT   12
>         __secure_getenv@GLIBC_2.2.5
>   6841: 0000000000037930    27 FUNC    WEAK   DEFAULT   12
>         secure_getenv
>   7231: 0000000000037930    27 FUNC    GLOBAL DEFAULT   12
>         __libc_secure_getenv
> 
> libnss_hesiod.so references:
> 
>      9: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND
>         __libc_secure_getenv@GLIBC_PRIVATE (5)
>     93: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND
>         __libc_secure_getenv@@GLIBC_PRIVATE
> 
> Internal references to secure_getenv do not go through the PLT.
> 
> I tried to update the abilist files as well as I could.
> 
> I still need to do manual tests to ensure backwards compatibility.  And I'm not sure if nss_hesiod still works.
> 
> -- 
> Florian Weimer / Red Hat Product Security Team
> 
> secure-getenv.patch
> 
> 
> 2012-07-19  Florian Weimer  <fweimer@redhat.com>
> 
> 	* Versions.def: Add GLIBC_2.17.
> 
> 	* stdlib/stdlib.h: Rename __secure_getenv to secure_getenv.
> 	* include/stdlib.h: Rename __secure_getenv to secure_getenv.
> 	Introduce __libc_secure_getenv.
> 	* stdlib/Versions: Add secure_getenv and __libc_secure_getenv.
> 	* stdlib/secure-getenv.c: Likewise.  Update copyright years.
> 	* stdlib/tst-secure-getenv.c: New.
> 	* stdlib/Makefile (tests): Add testcase.
> 
> 	* manual/startup.texi (Environment Access): Document
> 	secure_getenv.
> 
> 	* inet/ruserpass.c (ruserpass): Rename __secure_getenv to
> 	secure_getenv.
> 	* malloc/mtrace.c (mtrace): Likewise.
> 	* sysdeps/mach/hurd/tmpfile.c (__tmpfile): Likewise.
> 	* sysdeps/posix/libc_fatal.c (__libc_fatal): Likewise.  Update
> 	copyright years.
> 	* sysdeps/posix/sysconf.c (__sysconf__check_spec): Likewise.
> 	* sysdeps/posix/tempname.c: Likewise.  Evaluatue
> 	HAVE_SECURE_GETENV.
> 	* sysdeps/unix/sysv/linux/libc_fatal.c (__libc_message): Rename
> 	__secure_getenv to secure_getenv.  Update copyright years.
> 
> 	* hesiod/hesiod.c (hesiod_init): Use __libc_secure_getenv.
> 
> 	* sysdeps/unix/sysv/linux/i386/nptl/libc.abilist: Add secure_getenv.
> 	* sysdeps/unix/sysv/linux/libc_fatal.c: Likewise.
> 	* sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/nptl/libc.abilist:
> 	Likewise.
> 	* sysdeps/unix/sysv/linux/powerpc/powerpc64/nptl/libc.abilist:
> 	Likewise.
> 	* sysdeps/unix/sysv/linux/s390/s390-32/nptl/libc.abilist: Likewise.
> 	* sysdeps/unix/sysv/linux/s390/s390-64/nptl/libc.abilist: Likewise.
> 	* sysdeps/unix/sysv/linux/sh/nptl/libc.abilist: Likewise.
> 	* sysdeps/unix/sysv/linux/sparc/sparc32/nptl/libc.abilist: Likewise.
> 	* sysdeps/unix/sysv/linux/sparc/sparc64/nptl/libc.abilist: Likewise.
> 	* sysdeps/unix/sysv/linux/x86_64/64/nptl/libc.abilist: Likewise.
> 	* sysdeps/unix/sysv/linux/x86_64/x32/nptl/libc.abilist: Likewise.
> 	* ports/sysdeps/unix/sysv/linux/alpha/nptl/libc.abilist: Likewise.
> 	* ports/sysdeps/unix/sysv/linux/arm/nptl/libc.abilist: Likewise.
> 	* ports/sysdeps/unix/sysv/linux/ia64/nptl/libc.abilist: Likewise.
> 	* ports/sysdeps/unix/sysv/linux/m68k/coldfire/nptl/libc.abilist:
> 	Likewise.
> 	* ports/sysdeps/unix/sysv/linux/m68k/m680x0/nptl/libc.abilist:
> 	Likewise.
> 	* ports/sysdeps/unix/sysv/linux/mips/mips32/nptl/libc.abilist:
> 	Likewise.
> 	* ports/sysdeps/unix/sysv/linux/mips/mips64/n32/nptl/libc.abilist:
> 	Likewise.
> 	* ports/sysdeps/unix/sysv/linux/mips/mips64/n64/nptl/libc.abilist:
> 	Likewise.
> 	* ports/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/nptl/libc.abilist:
> 	Likewise.
> 	* ports/sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/nptl/libc.abilist:
> 	Likewise.
> 	* ports/sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/nptl/libc.abilist:
> 	Likewise.
> 	* ports/sysdeps/unix/sysv/linux/tile/tilepro/nptl/libc.abilist:
> 	Likewise.

This looks good to me.

If the testing passes please check this in on Monday.

That should give other people enough time to provide additional review over the weekend.

Cheers,
Carlos.
-- 
Carlos O'Donell
Mentor Graphics / CodeSourcery
carlos_odonell@mentor.com
carlos@codesourcery.com
+1 (613) 963 1026

More information about the Libc-alpha mailing list