Rename __secure_getenv to secure_getenv

ChangeLog

@@ -1,3 +1,66 @@
+2012-07-25  Florian Weimer  <fweimer@redhat.com>
+
+	* Versions.def: Add GLIBC_2.17.
+
+	* stdlib/stdlib.h: Rename __secure_getenv to secure_getenv.
+	* include/stdlib.h: Rename __secure_getenv to secure_getenv.
+	Introduce __libc_secure_getenv.
+	* stdlib/Versions: Add secure_getenv and __libc_secure_getenv.
+	* stdlib/secure-getenv.c: Likewise.  Update copyright years.
+	* stdlib/tst-secure-getenv.c: New.
+	* stdlib/Makefile (tests): Add testcase.
+
+	* manual/startup.texi (Environment Access): Document
+	secure_getenv.
+
+	* hesiod/hesiod.c (hesiod_init): Rename __secure_getenv to
+	__libc_secure_getenv.
+	* inet/ruserpass.c (ruserpass): Likewise.
+	* malloc/mtrace.c (mtrace): Likewise.
+	* sysdeps/mach/hurd/tmpfile.c (__tmpfile): Likewise.
+	* sysdeps/posix/libc_fatal.c (__libc_fatal): Likewise.  Update
+	copyright years.
+	* sysdeps/posix/sysconf.c (__sysconf__check_spec): Likewise.
+	* sysdeps/posix/tempname.c: Likewise.  Evaluate
+	HAVE_SECURE_GETENV.
+	* sysdeps/unix/sysv/linux/libc_fatal.c (__libc_message): Rename
+	__secure_getenv to __libc_secure_getenv.  Update copyright years.
+
+	* sysdeps/unix/sysv/linux/i386/nptl/libc.abilist: Add secure_getenv.
+	* sysdeps/unix/sysv/linux/libc_fatal.c: Likewise.
+	* sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/nptl/libc.abilist:
+	Likewise.
+	* sysdeps/unix/sysv/linux/powerpc/powerpc64/nptl/libc.abilist:
+	Likewise.
+	* sysdeps/unix/sysv/linux/s390/s390-32/nptl/libc.abilist: Likewise.
+	* sysdeps/unix/sysv/linux/s390/s390-64/nptl/libc.abilist: Likewise.
+	* sysdeps/unix/sysv/linux/sh/nptl/libc.abilist: Likewise.
+	* sysdeps/unix/sysv/linux/sparc/sparc32/nptl/libc.abilist: Likewise.
+	* sysdeps/unix/sysv/linux/sparc/sparc64/nptl/libc.abilist: Likewise.
+	* sysdeps/unix/sysv/linux/x86_64/64/nptl/libc.abilist: Likewise.
+	* sysdeps/unix/sysv/linux/x86_64/x32/nptl/libc.abilist: Likewise.
+	* ports/sysdeps/unix/sysv/linux/alpha/nptl/libc.abilist: Likewise.
+	* ports/sysdeps/unix/sysv/linux/arm/nptl/libc.abilist: Likewise.
+	* ports/sysdeps/unix/sysv/linux/ia64/nptl/libc.abilist: Likewise.
+	* ports/sysdeps/unix/sysv/linux/m68k/coldfire/nptl/libc.abilist:
+	Likewise.
+	* ports/sysdeps/unix/sysv/linux/m68k/m680x0/nptl/libc.abilist:
+	Likewise.
+	* ports/sysdeps/unix/sysv/linux/mips/mips32/nptl/libc.abilist:
+	Likewise.
+	* ports/sysdeps/unix/sysv/linux/mips/mips64/n32/nptl/libc.abilist:
+	Likewise.
+	* ports/sysdeps/unix/sysv/linux/mips/mips64/n64/nptl/libc.abilist:
+	Likewise.
+	* ports/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/nptl/libc.abilist:
+	Likewise.
+	* ports/sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/nptl/libc.abilist:
+	Likewise.
+	* ports/sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/nptl/libc.abilist:
+	Likewise.
+	* ports/sysdeps/unix/sysv/linux/tile/tilepro/nptl/libc.abilist:
+	Likewise.
+
 2012-07-25  Joseph Myers  <joseph@codesourcery.com>
 
 	* sysdeps/generic/ldsodefs.h (struct La_i86_regs): Remove.

NEWS

@@ -17,6 +17,10 @@ Version 2.17
   zEnterprise z196.
   Implemented by Andreas Krebbel.
 
+* The new function secure_getenv allows secure access to the environment,
+  returning NULL if running in a SUID/SGID process.  This function replaces
+  the internal function __secure_getenv.
+
 
 Version 2.16
 

Versions.def

@@ -33,6 +33,7 @@ libc {
   GLIBC_2.14
   GLIBC_2.15
   GLIBC_2.16
+  GLIBC_2.17
   HURD_CTHREADS_0.3
 %ifdef EXPORT_UNWIND_FIND_FDE
   GCC_3.0

hesiod/hesiod.c

@@ -87,7 +87,7 @@ hesiod_init(void **context) {
 	ctx->classes[0] = C_IN;
 	ctx->classes[1] = C_HS;
 
-	configname = __secure_getenv("HESIOD_CONFIG");
+	configname = __libc_secure_getenv("HESIOD_CONFIG");
 	if (!configname)
 	  configname = _PATH_HESIOD_CONF;
 	if (parse_config_file(ctx, configname) < 0) {
@@ -109,7 +109,7 @@ hesiod_init(void **context) {
 	 * The default RHS can be overridden by an environment
 	 * variable.
 	 */
-	if ((cp = __secure_getenv("HES_DOMAIN")) != NULL) {
+	if ((cp = __libc_secure_getenv("HES_DOMAIN")) != NULL) {
 		free(ctx->RHS);
 		ctx->RHS = malloc(strlen(cp)+2);
 		if (!ctx->RHS)

include/stdlib.h

@@ -33,12 +33,13 @@ libc_hidden_proto (__strtold_l)
 libc_hidden_proto (exit)
 libc_hidden_proto (abort)
 libc_hidden_proto (getenv)
+extern __typeof (secure_getenv) __libc_secure_getenv;
+libc_hidden_proto (__libc_secure_getenv)
 libc_hidden_proto (bsearch)
 libc_hidden_proto (qsort)
 libc_hidden_proto (qsort_r)
 libc_hidden_proto (lrand48_r)
 libc_hidden_proto (wctomb)
-libc_hidden_proto (__secure_getenv)
 
 extern long int __random (void);
 extern void __srandom (unsigned int __seed);

inet/ruserpass.c

@@ -102,7 +102,7 @@ ruserpass(host, aname, apass)
 	int t, usedefault = 0;
 	struct stat64 stb;
 
-	hdir = __secure_getenv("HOME");
+	hdir = __libc_secure_getenv("HOME");
 	if (hdir == NULL) {
 		/* If we can't get HOME, fail instead of trying ".",
 		   which is no improvement. This really should call

malloc/mtrace.c

@@ -309,7 +309,7 @@ mtrace ()
   /* When compiling the GNU libc we use the secure getenv function
      which prevents the misuse in case of SUID or SGID enabled
      programs.  */
-  mallfile = __secure_getenv (mallenv);
+  mallfile = __libc_secure_getenv (mallenv);
 #else
   mallfile = getenv (mallenv);
 #endif

manual/startup.texi

@@ -310,11 +310,15 @@ character, since this is assumed to terminate the string.
 
 The value of an environment variable can be accessed with the
 @code{getenv} function.  This is declared in the header file
-@file{stdlib.h}.  Modifications of enviroment variables are not
-allowed in Multi-threaded programs.  The @code{getenv} function
-can be safely used in multi-threaded programs
+@file{stdlib.h}.
 @pindex stdlib.h
 
+Libraries should use @code{secure_getenv} instead of @code{getenv}, so
+that they do not accidentally use untrusted environment variables.
+Modifications of environment variables are not allowed in
+multi-threaded programs.  The @code{getenv} and @code{secure_getenv}
+functions can be safely used in multi-threaded programs.
+
 @comment stdlib.h
 @comment ISO
 @deftypefun {char *} getenv (const char *@var{name})
@@ -326,6 +330,18 @@ environment variable @var{name} is not defined, the value is a null
 pointer.
 @end deftypefun
 
+@comment stdlib.h
+@comment GNU
+@deftypefun {char *} secure_getenv (const char *@var{name})
+This function is similar to @code{getenv}, but it returns a null
+pointer if the environment is untrusted.  This happens when the
+program file has SUID or SGID bits set.  General-purpose libraries
+should always prefer this function over @code{getenv} to avoid
+vulnerabilities if the library is referenced from a SUID/SGID program.
+
+This function is a GNU extension.
+@end deftypefun
+
 
 @comment stdlib.h
 @comment SVID

ports/sysdeps/unix/sysv/linux/alpha/nptl/libc.abilist

@@ -1811,6 +1811,9 @@ GLIBC_2.16
  sys_errlist D 0x460
  sys_nerr D 0x4
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.2
  GLIBC_2.2 A
  _IO_adjust_wcolumn F

ports/sysdeps/unix/sysv/linux/arm/nptl/libc.abilist

@@ -78,6 +78,9 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.4
  GLIBC_2.4 A
  _Exit F

ports/sysdeps/unix/sysv/linux/ia64/nptl/libc.abilist

@@ -78,6 +78,9 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.2
  GLIBC_2.2 A
  _Exit F

ports/sysdeps/unix/sysv/linux/m68k/coldfire/nptl/libc.abilist

@@ -79,6 +79,9 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.4
  GLIBC_2.4 A
  _Exit F

ports/sysdeps/unix/sysv/linux/m68k/m680x0/nptl/libc.abilist

@@ -1767,6 +1767,9 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.2
  GLIBC_2.2 A
  _IO_adjust_wcolumn F

ports/sysdeps/unix/sysv/linux/mips/mips32/nptl/libc.abilist

@@ -2242,3 +2242,6 @@ GLIBC_2.9
  pipe2 F
 _gp_disp
  _gp_disp A
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F

ports/sysdeps/unix/sysv/linux/mips/mips64/n32/nptl/libc.abilist

@@ -1390,6 +1390,9 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.2
  GLIBC_2.2 A
  _Exit F

ports/sysdeps/unix/sysv/linux/mips/mips64/n64/nptl/libc.abilist

@@ -1388,6 +1388,9 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.2
  GLIBC_2.2 A
  _Exit F

ports/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/nptl/libc.abilist

@@ -1772,6 +1772,9 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.2
  GLIBC_2.2 A
  _IO_adjust_wcolumn F

ports/sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/nptl/libc.abilist

@@ -2080,3 +2080,6 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F

ports/sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/nptl/libc.abilist

@@ -2080,3 +2080,6 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F

ports/sysdeps/unix/sysv/linux/tile/tilepro/nptl/libc.abilist

@@ -2080,3 +2080,6 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F

stdlib/Makefile

@@ -68,7 +68,9 @@ tests		:= tst-strtol tst-strtod testmb testrand testsort testdiv   \
 		   tst-atof1 tst-atof2 tst-strtod2 tst-strtod3 tst-rand48-2 \
 		   tst-makecontext tst-strtod4 tst-strtod5 tst-qsort2	    \
 		   tst-makecontext2 tst-strtod6 tst-unsetenv1		    \
-		   tst-makecontext3 bug-getcontext bug-fmtmsg1
+		   tst-makecontext3 bug-getcontext bug-fmtmsg1		    \
+		   tst-secure-getenv
+tests-static	:= tst-secure-getenv
 
 include ../Makeconfig
 

stdlib/Versions

@@ -6,7 +6,7 @@ libc {
     # functions used in inline functions or macros
     __strto*_internal;
 
-    # functions used in other libraries
+    # compatibility symbol
     __secure_getenv;
 
     # a*
@@ -103,11 +103,16 @@ libc {
   GLIBC_2.13 {
     __fentry__;
   }
+  GLIBC_2.17 {
+    secure_getenv;
+  }
   GLIBC_PRIVATE {
     # functions which have an additional interface since they are
     # are cancelable.
     __libc_system;
     # Variable which needs a dynamic symbol table entry.
     __abort_msg;
+    # Used from other libraries
+    __libc_secure_getenv;
   }
 }

stdlib/secure-getenv.c

@@ -1,4 +1,4 @@
-/* Copyright (C) 1991, 1992, 1994, 1996, 2002 Free Software Foundation, Inc.
+/* Copyright (C) 1991-2012 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -18,13 +18,20 @@
 #include <stdlib.h>
 #include <unistd.h>
 
+#include <shlib-compat.h>
+
 /* Some programs and especially the libc itself have to be careful
    what values to accept from the environment.  This special version
    checks for SUID or SGID first before doing any work.  */
 char *
-__secure_getenv (name)
+__libc_secure_getenv (name)
      const char *name;
 {
   return __libc_enable_secure ? NULL : getenv (name);
 }
-libc_hidden_def (__secure_getenv)
+weak_alias (__libc_secure_getenv, secure_getenv)
+libc_hidden_weak (__libc_secure_getenv)
+
+#if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_16)
+compat_symbol (libc, __libc_secure_getenv, __secure_getenv, GLIBC_2_0);
+#endif

stdlib/stdlib.h

@@ -568,10 +568,12 @@ __BEGIN_NAMESPACE_STD
 extern char *getenv (const char *__name) __THROW __nonnull ((1)) __wur;
 __END_NAMESPACE_STD
 
+#ifdef __USE_GNU
 /* This function is similar to the above but returns NULL if the
    programs is running with SUID or SGID enabled.  */
-extern char *__secure_getenv (const char *__name)
+extern char *secure_getenv (const char *__name)
      __THROW __nonnull ((1)) __wur;
+#endif
 
 #if defined __USE_SVID || defined __USE_XOPEN
 /* The SVID says this is in <stdio.h>, but this seems a better place.	*/

stdlib/tst-secure-getenv.c

@@ -0,0 +1,250 @@
+/* Copyright (C) 2012 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+/* Test that secure_getenv works by invoking the test as a SGID
+   program with a group ID from the supplementary group list.  This
+   test can fail spuriously if the user is not a member of a suitable
+   supplementary group. */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+static char MAGIC_ARGUMENT[] = "run-actual-test";
+#define MAGIC_STATUS 19
+
+static const char *test_dir;
+
+/* Return a GID which is not our current GID, but is present in the
+   supplementary group list. */
+static gid_t
+choose_gid (void)
+{
+  const int count = 64;
+  gid_t groups[count];
+  int ret = getgroups (count, groups);
+  if (ret < 0)
+    {
+      perror ("getgroups");
+      exit (1);
+    }
+  gid_t current = getgid ();
+  for (int i = 0; i < ret; ++i)
+    {
+      if (groups[i] != current)
+	return groups[i];
+    }
+  return 0;
+}
+
+
+/* Copies the executable into a restricted directory, so that we can
+   safely make it SGID with the TARGET group ID.  Then runs the
+   executable. */
+static int
+run_executable_sgid (gid_t target)
+{
+  char *dirname = 0;
+  char *execname = 0;
+  int infd = -1;
+  int outfd = -1;
+  int ret = -1;
+  if (asprintf (&dirname, "%s/secure-getenv.%jd",
+		test_dir, (intmax_t) getpid ()) < 0)
+    {
+      perror ("asprintf");
+      goto err;
+    }
+  if (mkdir (dirname, 0700) < 0)
+    {
+      perror ("mkdir");
+      goto err;
+    }
+  if (asprintf (&execname, "%s/bin", dirname) < 0)
+    {
+      perror ("asprintf");
+      goto err;
+    }
+  infd = open ("/proc/self/exe", O_RDONLY);
+  if (infd < 0)
+    {
+      perror ("open");
+      goto err;
+    }
+  outfd = open (execname, O_WRONLY | O_CREAT | O_EXCL, 0700);
+  if (outfd < 0)
+    {
+      perror ("open");
+      goto err;
+    }
+  char buf[4096];
+  for (;;)
+    {
+      ssize_t rdcount = read (infd, buf, sizeof (buf));
+      if (rdcount < 0)
+	{
+	  perror ("read");
+	  goto err;
+	}
+      if (rdcount == 0)
+	break;
+      char *p = buf;
+      char *end = buf + rdcount;
+      while (p != end)
+	{
+	  ssize_t wrcount = write (outfd, buf, end - p);
+	  if (wrcount == 0)
+	    errno = ENOSPC;
+	  if (wrcount <= 0)
+	    {
+	      perror ("write");
+	      goto err;
+	    }
+	  p += wrcount;
+	}
+    }
+  if (fchown (outfd, getuid (), target) < 0)
+    {
+      perror ("fchown");
+      goto err;
+    }
+  if (fchmod (outfd, 02750) < 0)
+    {
+      perror ("fchmod");
+      goto err;
+    }
+  if (close (outfd) < 0)
+    {
+      perror ("close");
+      goto err;
+    }
+  if (close (infd) < 0)
+    {
+      perror ("close");
+      goto err;
+    }
+
+  int kid = fork ();
+  if (kid < 0)
+    {
+      perror ("fork");
+      goto err;
+    }
+  if (kid == 0)
+    {
+      /* Child process. */
+      char *args[] = { execname, MAGIC_ARGUMENT, NULL };
+      execve (execname, args, environ);
+      perror ("execve");
+      _exit (1);
+    }
+  int status;
+  if (waitpid (kid, &status, 0) < 0)
+    {
+      perror ("waitpid");
+      goto err;
+    }
+  if (!WIFEXITED (status) || WEXITSTATUS (status) != MAGIC_STATUS)
+    {
+      fprintf (stderr, "Unexpected exit status %d from child process\n",
+	       status);
+      goto err;
+    }
+  ret = 0;
+
+err:
+  if (outfd >= 0)
+    close (outfd);
+  if (infd >= 0)
+    close (infd);
+  if (execname)
+    {
+      unlink (execname);
+      free (execname);
+    }
+  if (dirname)
+    {
+      rmdir (dirname);
+      free (dirname);
+    }
+  return ret;
+}
+
+static int
+do_test (void)
+{
+  if (getenv ("PATH") == NULL)
+    {
+      fprintf (stderr, "PATH not set\n");
+      exit (1);
+    }
+  if (secure_getenv ("PATH") == NULL)
+    {
+      fprintf (stderr, "PATH not set according to secure_getenv\n");
+      exit (1);
+    }
+  if (strcmp (getenv ("PATH"), secure_getenv ("PATH")) != 0)
+    {
+      fprintf (stderr, "PATH mismatch (%s, %s)\n",
+	       getenv ("PATH"), secure_getenv ("PATH"));
+      exit (1);
+    }
+
+  gid_t target = choose_gid ();
+  if (target == 0)
+    {
+      fprintf (stderr, "Could not find a suitable GID user %jd\n",
+	       (intmax_t) getuid ());
+      exit (1);
+    }
+  return run_executable_sgid (target);
+}
+
+static void
+alternative_main (int argc, char **argv)
+{
+  if (argc == 2 && strcmp (argv[1], MAGIC_ARGUMENT) == 0)
+    {
+      if (getgid () == getegid ())
+	{
+	  fprintf (stderr, "SGID failed: GID and EGID match (%jd)\n",
+		   (intmax_t) getgid ());
+	  exit (2);
+	}
+      if (getenv ("PATH") == NULL)
+	{
+	  fprintf (stderr, "PATH variable not present\n");
+	  exit (3);
+	}
+      if (secure_getenv ("PATH") != NULL)
+	{
+	  fprintf (stderr, "PATH variable not filtered out\n");
+	  exit (4);
+	}
+      exit (MAGIC_STATUS);
+    }
+}
+
+#define PREPARE(argc, argv) alternative_main(argc, argv)
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"

sysdeps/mach/hurd/tmpfile.c

@@ -37,7 +37,7 @@ __tmpfile (void)
   FILE *f;
 
   /* Get a port to the directory that will contain the file.  */
-  const char *dirname = __secure_getenv ("TMPDIR") ?: P_tmpdir;
+  const char *dirname = __libc_secure_getenv ("TMPDIR") ?: P_tmpdir;
   file_t dir = __file_name_lookup (dirname, 0, 0);
   if (dir == MACH_PORT_NULL)
     return NULL;

sysdeps/posix/libc_fatal.c

@@ -1,5 +1,4 @@
-/* Copyright (C) 1993-1995,1997,2000,2004,2005,2009,2011
-	Free Software Foundation, Inc.
+/* Copyright (C) 1993-2012 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -61,7 +60,7 @@ __libc_message (int do_abort, const char *fmt, ...)
 
   /* Open a descriptor for /dev/tty unless the user explicitly
      requests errors on standard error.  */
-  const char *on_2 = __secure_getenv ("LIBC_FATAL_STDERR_");
+  const char *on_2 = __libc_secure_getenv ("LIBC_FATAL_STDERR_");
   if (on_2 == NULL || *on_2 == '\0')
     fd = open_not_cancel_2 (_PATH_TTY, O_RDWR | O_NOCTTY | O_NDELAY);
 

sysdeps/posix/sysconf.c

@@ -1,5 +1,4 @@
-/* Copyright (C) 1991,1993,1995-1997,1999-2003,2004,2006,2009
-	Free Software Foundation, Inc.
+/* Copyright (C) 1991-2012 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -1259,7 +1258,7 @@ __sysconf_check_spec (const char *spec)
 {
   int save_errno = errno;
 
-  const char *getconf_dir = __secure_getenv ("GETCONF_DIR") ?: GETCONF_DIR;
+  const char *getconf_dir = __libc_secure_getenv ("GETCONF_DIR") ?: GETCONF_DIR;
   size_t getconf_dirlen = strlen (getconf_dir);
   size_t speclen = strlen (spec);
 

sysdeps/posix/tempname.c

@@ -1,4 +1,4 @@
-/* Copyright (C) 1991-2001, 2006, 2007, 2009 Free Software Foundation, Inc.
+/* Copyright (C) 1991-2012 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -101,8 +101,12 @@
 # define __xstat64(version, path, buf) stat (path, buf)
 #endif
 
-#if ! (HAVE___SECURE_GETENV || _LIBC)
-# define __secure_getenv getenv
+#if ! (HAVE_SECURE_GETENV || _LIBC)
+# ifdef HAVE___SECURE_GETENV
+#  define __libc_secure_getenv __secure_getenv
+# else
+#  define __libc_secure_getenv getenv
+# endif
 #endif
 
 #ifdef _LIBC
@@ -168,7 +172,7 @@ __path_search (char *tmpl, size_t tmpl_len, const char *dir, const char *pfx,
 
   if (try_tmpdir)
     {
-      d = __secure_getenv ("TMPDIR");
+      d = __libc_secure_getenv ("TMPDIR");
       if (d != NULL && direxists (d))
 	dir = d;
       else if (dir != NULL && direxists (dir))

sysdeps/unix/sysv/linux/i386/nptl/libc.abilist

@@ -1811,6 +1811,9 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.2
  GLIBC_2.2 A
  _IO_adjust_wcolumn F

sysdeps/unix/sysv/linux/libc_fatal.c

@@ -1,5 +1,4 @@
-/* Copyright (C) 1993-1995,1997,2000,2002-2005,2009,2011
-   Free Software Foundation, Inc.
+/* Copyright (C) 1993-2012 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -64,7 +63,7 @@ __libc_message (int do_abort, const char *fmt, ...)
 
   /* Open a descriptor for /dev/tty unless the user explicitly
      requests errors on standard error.  */
-  const char *on_2 = __secure_getenv ("LIBC_FATAL_STDERR_");
+  const char *on_2 = __libc_secure_getenv ("LIBC_FATAL_STDERR_");
   if (on_2 == NULL || *on_2 == '\0')
     fd = open_not_cancel_2 (_PATH_TTY, O_RDWR | O_NOCTTY | O_NDELAY);
 

sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/nptl/libc.abilist

@@ -1772,6 +1772,9 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.2
  GLIBC_2.2 A
  _IO_adjust_wcolumn F

sysdeps/unix/sysv/linux/powerpc/powerpc64/nptl/libc.abilist

@@ -78,6 +78,9 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.3
  GLIBC_2.3 A
  _Exit F

sysdeps/unix/sysv/linux/s390/s390-32/nptl/libc.abilist

@@ -1763,6 +1763,9 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.2
  GLIBC_2.2 A
  _IO_adjust_wcolumn F

sysdeps/unix/sysv/linux/s390/s390-64/nptl/libc.abilist

@@ -84,6 +84,9 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.2
  GLIBC_2.2 A
  _Exit F

sysdeps/unix/sysv/linux/sh/nptl/libc.abilist

@@ -84,6 +84,9 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.2
  GLIBC_2.2 A
  _Exit F

sysdeps/unix/sysv/linux/sparc/sparc32/nptl/libc.abilist

@@ -1768,6 +1768,9 @@ GLIBC_2.16
  sys_errlist D 0x220
  sys_nerr D 0x4
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.2
  GLIBC_2.2 A
  _IO_adjust_wcolumn F

sysdeps/unix/sysv/linux/sparc/sparc64/nptl/libc.abilist

@@ -89,6 +89,9 @@ GLIBC_2.16
  sys_errlist D 0x440
  sys_nerr D 0x4
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.2
  GLIBC_2.2 A
  _Exit F

sysdeps/unix/sysv/linux/x86_64/64/nptl/libc.abilist

@@ -80,6 +80,9 @@ GLIBC_2.16
  mbrtoc16 F
  mbrtoc32 F
  timespec_get F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F
 GLIBC_2.2.5
  GLIBC_2.2.5 A
  _Exit F

sysdeps/unix/sysv/linux/x86_64/x32/nptl/libc.abilist

@@ -2078,3 +2078,6 @@ GLIBC_2.16
  xencrypt F
  xprt_register F
  xprt_unregister F
+GLIBC_2.17
+ GLIBC_2.17 A
+ secure_getenv F