Re: env -u behavior

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: env -u behavior

From:	Jim Meyering
Subject:	Re: env -u behavior
Date:	Mon, 26 Oct 2009 22:39:59 +0100

Eric Blake wrote:

> Eric Blake <ebb9 <at> byu.net> writes:
>
>> Glad you agree.  How about this patch?
>>
>> * src/env.c (main): Use unsetenv rather than putenv to remove
>> items from environ, and check for failure.
>
> Since there is a gnulib module for unsetenv, I've modified my proposed patch 
> to
> pick it up.  Meanwhile, I noticed that we can kill some dead code.  (For that
> matter, stdbuf wasn't even modifying environ directly.)
>
> By the way, the POSIX folks recently admitted that setenv() is better than
> putenv(), in that the former allows implementations to provide O(log n)
> searching (by maintaining env as a sorted array) or even O(1) searching (by
> maintaining a hidden counterpart hashtable) compared to the traditional O(n)
> behavior (of stepping through every array entry), if the implementation is
> allowed to assume that the user can't muck inappropriately with pointers
> reachable from raw environ.  But in the current wording of their ruling, they
> also stated that changing raw environ (as currently done in env.c and su.c)
> renders an application non-conforming, with behavior of subsequent functions
> (like execve) no longer being guaranteed.  In other words, when it is time to
> replace the environment, it is unportable to use the O(1) swap of setting
> environ=new_environ, and a compliant app must instead implement an O(n) 
> clearenv
> () wrapper (for systems where it is not already provided natively) which
> repeatedly calls unsetenv() for every name currently in the environment.
> http://austingroupbugs.net/view.php?id=167
> http://www.opengroup.org/austin/mailarchives/ag/msg44144.html

Interesting.  Thanks for the summary.

> The Austin group also recently opened up their bug database for anonymous
> viewing, so the above link should no longer require you to register.
> https://www.opengroup.org/sophocles/show_mail.tpl?CALLER=index.tpl&source=L&listname=austin-group-l&id=12951

Good news.

> Personally, I'm not too worried about the Austin ruling - yes, our code in
> env.c and su.c is no longer strictly conforming, but until someone points out
> an actual system where directly resetting environ messes up their expected
> behavior, I'm not going to try to patch the code based on paranoia.  And I 
> will
> be chiming in to the Austin group asking that swapping environ itself (which 
> is
> different than altering contents reachable from environ) be supported by the
> standards, similar to Joerg Schilling's request:
> http://www.opengroup.org/austin/mailarchives/ag/msg43077.html
>
> At any rate, is this patch OK to apply?

Yes.  That looks fine.
Thanks!

[Prev in Thread]

Current Thread

[Next in Thread]

Re: env -u behavior, (continued)
- Re: env -u behavior, Eric Blake, 2009/10/23
  - Re: env -u behavior, Mike Frysinger, 2009/10/24
    - Re: env -u behavior, Eric Blake, 2009/10/24
    - Re: env -u behavior, Andreas Schwab, 2009/10/24
- Re: env -u behavior, Mike Frysinger, 2009/10/24
  - Re: env -u behavior, Eric Blake, 2009/10/24
    - Re: env -u behavior, Mike Frysinger, 2009/10/25
    - Re: env -u behavior, Eric Blake, 2009/10/26
    - Re: env -u behavior, Mike Frysinger, 2009/10/26
    - Re: env -u behavior, Eric Blake, 2009/10/26
    - Re: env -u behavior, Jim Meyering <=

Prev by Date: Re: env+nice, one bug fix, two test corrections
Next by Date: Re: env+nice, one bug fix, two test corrections
Previous by thread: Re: env -u behavior
Next by thread: avoid new test failures
Index(es):
- Date
- Thread