musl/include
Brent Cook ddddec106f add issetugid function to check for elevated privilege
this function provides a way for third-party library code to use the
same logic that's used internally in libc for suppressing untrusted
input/state (e.g. the environment) when the application is running
with privleges elevated by the setuid or setgid bit or some other
mechanism. its semantics are intended to match the openbsd function by
the same name.

there was some question as to whether this function is necessary:
getauxval(AT_SECURE) was proposed as an alternative. however, this has
several drawbacks. the most obvious is that it asks programmers to be
aware of an implementation detail of ELF-based systems (the aux
vector) rather than simply the semantic predicate to be checked. and
trying to write a safe, reliable version of issetugid in terms of
getauxval is difficult. for example, early versions of the glibc
getauxval did not report ENOENT, which could lead to false negatives
if AT_SECURE was not present in the aux vector (this could probably
only happen when running on non-linux kernels under linux emulation,
since glibc does not support linux versions old enough to lack
AT_SECURE). as for musl, getauxval has always properly reported
errors, but prior to commit 7bece9c209,
the musl implementation did not emulate AT_SECURE if missing, which
would result in a false positive. since musl actually does partially
support kernels that lack AT_SECURE, this was problematic.

the intent is that library authors will use issetugid if its
availability is detected at build time, and only fall back to the
unreliable alternatives on systems that lack it.

patch by Brent Cook. commit message/rationale by Rich Felker.
2014-07-19 21:39:18 -04:00
..
arpa fix argument types for legacy function inet_makeaddr 2014-01-06 22:17:24 -05:00
net net/if_arp.h: add missing ARP hardware identifiers from linux uapi headers 2013-09-15 02:42:29 +00:00
netinet update netinet/in.h to match the current kernel uapi 2014-05-30 13:06:51 -04:00
netpacket add netpacket/packet.h 2011-06-09 21:47:24 -04:00
scsi add legacy scsi/scsi_ioctl.h header 2013-07-03 18:07:50 +02:00
sys implement sendmmsg and recvmmsg 2014-06-19 23:01:15 -04:00
aio.h default features: make musl usable without feature test macros 2012-09-07 23:13:55 -04:00
alloca.h alloca cannot be a function. #define it to the gcc builtin if possible 2012-04-09 15:06:58 -04:00
alltypes.h.in undefine internal-use type macros at the end of alltypes.h 2013-07-22 20:58:04 -04:00
ar.h some extra legacy header stuff 2012-05-06 16:35:32 -04:00
assert.h __assert_fail(): remove _Noreturn, to get proper stacktraces 2013-01-04 20:36:34 +01:00
byteswap.h remove all remaining redundant __restrict/__inline/_Noreturn defs 2012-09-08 17:14:52 -04:00
complex.h make CMPLX macros available in complex.h in non-c11 mode as well 2012-12-11 22:44:36 +01:00
cpio.h initial check-in, version 0.5.0 2011-02-12 00:22:29 -05:00
crypt.h replace old and ugly crypt implementation 2012-06-29 00:56:37 -04:00
ctype.h default features: make musl usable without feature test macros 2012-09-07 23:13:55 -04:00
dirent.h refactor headers, especially alltypes.h, and improve C++ ABI compat 2013-07-22 11:22:36 -04:00
dlfcn.h const-qualify the address argument to dladdr 2014-01-06 22:03:38 -05:00
elf.h add or1k (OpenRISC 1000) architecture port 2014-07-18 14:10:23 -04:00
endian.h default features: make musl usable without feature test macros 2012-09-07 23:13:55 -04:00
err.h fix redundant _Noreturn def in err.h 2012-09-08 18:16:33 -04:00
errno.h add support for program_invocation[_short]_name 2013-04-06 17:50:37 -04:00
fcntl.h add flock64 alias for (struct) flock in fcntl.h 2014-02-18 11:04:15 -05:00
features.h add _ALL_SOURCE as an alias for _GNU_SOURCE/enable-everything 2012-12-03 17:02:56 -05:00
fenv.h initial check-in, version 0.5.0 2011-02-12 00:22:29 -05:00
float.h write floating point limit constants to 21 significant decimal places 2013-11-20 17:40:33 -05:00
fmtmsg.h implement fmtmsg function 2014-06-21 19:24:15 -04:00
fnmatch.h remove now-unnecessary features.h inclusion from fnmatch.h 2013-12-02 02:06:52 -05:00
ftw.h remove unneeded judgemental commentary from ftw.h 2012-09-07 23:55:11 -04:00
getopt.h add getopt reset support 2012-09-30 20:00:38 -04:00
glob.h default features: make musl usable without feature test macros 2012-09-07 23:13:55 -04:00
grp.h add put*ent functions for passwd/group files and similar for shadow 2013-04-04 19:23:47 -04:00
iconv.h remove all remaining redundant __restrict/__inline/_Noreturn defs 2012-09-08 17:14:52 -04:00
ifaddrs.h make ifaddrs.h expose sys/socket.h 2013-04-10 22:38:46 -04:00
inttypes.h fix inttypes.h PRI and SCN macros for [u]intptr_t types 2013-10-30 14:52:55 -04:00
iso646.h add previously-missing ios646.h 2011-02-14 21:59:38 -05:00
langinfo.h fix multiple minor namespace issues in headers 2013-10-20 22:01:51 -04:00
lastlog.h some extra legacy header stuff 2012-05-06 16:35:32 -04:00
libgen.h initial check-in, version 0.5.0 2011-02-12 00:22:29 -05:00
libintl.h initial check-in, version 0.5.0 2011-02-12 00:22:29 -05:00
limits.h increase TTY_NAME_MAX limit to 32 2013-11-29 12:45:09 -05:00
link.h add missing c++ extern "C" wrapping to link.h 2013-08-02 16:52:17 -04:00
locale.h restore type of NULL to void * except when used in C++ programs 2013-11-24 21:42:55 -05:00
malloc.h initial check-in, version 0.5.0 2011-02-12 00:22:29 -05:00
math.h math.h: make __FLOAT_BITS and __DOUBLE_BITS C89 2014-03-09 19:29:41 +01:00
memory.h add memory.h, bogus legacy alias for string.h 2012-03-01 01:34:58 -05:00
mntent.h add profile for getmntent_r 2011-04-13 15:24:26 -04:00
monetary.h remove all remaining redundant __restrict/__inline/_Noreturn defs 2012-09-08 17:14:52 -04:00
mqueue.h remove all remaining redundant __restrict/__inline/_Noreturn defs 2012-09-08 17:14:52 -04:00
netdb.h add support for ipv6 scope_id to getaddrinfo and getnameinfo 2014-06-04 02:24:38 -04:00
nl_types.h refactor headers, especially alltypes.h, and improve C++ ABI compat 2013-07-22 11:22:36 -04:00
paths.h remove duplicate definition of _PATH_LASTLOG in paths.h 2013-12-03 20:34:36 -05:00
poll.h add linux extension POLLRDHUP to poll.h 2012-12-26 16:55:49 -05:00
pthread.h add pthread_setaffinity_np and pthread_getaffinity_np functions 2013-08-10 21:41:05 -04:00
pty.h fix __cplusplus extern "C" closing brace in pty.h (typo?) 2011-11-10 21:01:24 -05:00
pwd.h add put*ent functions for passwd/group files and similar for shadow 2013-04-04 19:23:47 -04:00
regex.h make regoff_t and regex_t match C++ ABI 2013-07-22 14:39:59 -04:00
resolv.h fix res_mkquery and res_send prototypes in resolv.h 2013-12-04 21:31:39 +00:00
sched.h add sched_{get,set}attr syscall numbers and SCHED_DEADLINE macro 2014-05-30 13:06:51 -04:00
search.h implement hcreate_r, hdestroy_r and hsearch_r 2014-04-02 18:37:45 -04:00
semaphore.h remove all remaining redundant __restrict/__inline/_Noreturn defs 2012-09-08 17:14:52 -04:00
setjmp.h change jmp_buf to share an underlying type and struct tag with sigjmp_buf 2013-07-24 02:17:02 -04:00
shadow.h initial check-in, version 0.5.0 2011-02-12 00:22:29 -05:00
signal.h overhaul siginfo_t definition in signal.h 2014-05-24 20:39:46 -04:00
spawn.h fix some restrict-qualifier mismatches in newly added interfaces 2012-11-27 09:44:30 -05:00
stdalign.h implement "low hanging fruit" from C11 2012-08-25 23:15:13 -04:00
stdarg.h use compiler builtins for variadic macros when available 2011-04-27 23:41:48 -04:00
stdbool.h stdbool.h should define __bool_true_false_are_defined even for C++ 2013-08-28 00:41:00 -04:00
stddef.h restore type of NULL to void * except when used in C++ programs 2013-11-24 21:42:55 -05:00
stdint.h change wint_t to unsigned 2013-07-22 13:05:41 -04:00
stdio.h restore type of NULL to void * except when used in C++ programs 2013-11-24 21:42:55 -05:00
stdio_ext.h stdio_ext.h needs to include stdio.h, at least to get FILE... 2012-08-24 16:16:30 -04:00
stdlib.h fix signed and unsigned comparision in macros in public headers 2014-02-11 10:51:16 +01:00
stdnoreturn.h add stdnoreturn.h (C11) 2012-09-08 00:14:25 -04:00
string.h restore type of NULL to void * except when used in C++ programs 2013-11-24 21:42:55 -05:00
strings.h namespace conformance to latest standards in strings.h 2013-02-26 01:30:36 -05:00
stropts.h add isastream (obsolete STREAMS junk) 2012-05-06 09:03:19 -04:00
syscall.h header file fixes: multiple include guard consistency and correctness 2012-06-15 21:52:53 -04:00
sysexits.h add sysexits.h legacy header 2011-04-05 15:40:36 -04:00
syslog.h remove hack in syslog.h that resulted in aliasing violations 2014-06-21 07:44:46 -04:00
tar.h initial check-in, version 0.5.0 2011-02-12 00:22:29 -05:00
termios.h default features: make musl usable without feature test macros 2012-09-07 23:13:55 -04:00
tgmath.h math: more correct tgmath.h type cast logic 2012-12-19 10:57:54 +01:00
time.h fix const-correctness of argument to stime 2014-01-07 03:02:14 -05:00
ucontext.h fixup mcontext stuff to expost gregset_t/fpregset_t as appropriate 2012-11-25 23:04:23 -05:00
ulimit.h initial check-in, version 0.5.0 2011-02-12 00:22:29 -05:00
unistd.h add issetugid function to check for elevated privilege 2014-07-19 21:39:18 -04:00
utime.h initial check-in, version 0.5.0 2011-02-12 00:22:29 -05:00
utmp.h fix namespace violations in utmpx.h 2014-01-08 19:36:29 -05:00
utmpx.h fix namespace violations in utmpx.h 2014-01-08 19:36:29 -05:00
values.h add legacy header values.h 2013-01-04 20:36:34 +01:00
wait.h add workaround header for wait.h remapping to sys/wait.h 2013-09-01 01:01:31 -04:00
wchar.h restore type of NULL to void * except when used in C++ programs 2013-11-24 21:42:55 -05:00
wctype.h fix feature test macro logic for _BSD_SOURCE 2013-08-02 18:14:44 -04:00
wordexp.h remove all remaining redundant __restrict/__inline/_Noreturn defs 2012-09-08 17:14:52 -04:00