libstd/env: Add non-Rust synchronization warnings for setenv()

cgwalters · cgwalters · commit 44a5bf1b7d8d · 2015-05-13T21:14:15.000-04:00
See: https://sourceware.org/bugzilla/show_bug.cgi?id=4887#c9 https://bugs.freedesktop.org/show_bug.cgi?id=65681 I just noticed this while talking to someone who was using `os.environ['FOO'] = 'BAR'` in Python and since I'm learning Rust, I was curious if it did anything special here. It looks like Rust has an internal mutex, which helps for apps that are pure Rust, but it will be an evil trap for someone later adding in native code (apps like Servo and games will be at risk). Java got this right by disallowing `setenv()` from the start. I suggest Rust program authors only use `setenv()` early in main.
diff --git a/src/libstd/env.rs b/src/libstd/env.rs
@@ -243,6 +243,17 @@ impl Error for VarError {
 /// Sets the environment variable `k` to the value `v` for the currently running
 /// process.
 ///
+/// Note that while concurrent access to environment variables is safe in Rust,
+/// some platforms only expose inherently unsafe non-threadsafe APIs for
+/// inspecting the environment. As a result extra care needs to be taken when
+/// auditing calls to unsafe external FFI functions to ensure that any external
+/// environment accesses are properly synchronized with accesses in Rust.
+///
+/// Discussion of this unsafety on Unix may be found in:
+///
+///  - [Austin Group Bugzilla](http://austingroupbugs.net/view.php?id=188)
+///  - [GNU C library Bugzilla](https://sourceware.org/bugzilla/show_bug.cgi?id=15607#c2)
+///
 /// # Examples
 ///
 /// ```
@@ -260,6 +271,17 @@ pub fn set_var<K: AsRef<OsStr>, V: AsRef<OsStr>>(k: K, v: V) {
 
 /// Removes an environment variable from the environment of the currently running process.
 ///
+/// Note that while concurrent access to environment variables is safe in Rust,
+/// some platforms only expose inherently unsafe non-threadsafe APIs for
+/// inspecting the environment. As a result extra care needs to be taken when
+/// auditing calls to unsafe external FFI functions to ensure that any external
+/// environment accesses are properly synchronized with accesses in Rust.
+///
+/// Discussion of this unsafety on Unix may be found in:
+///
+///  - [Austin Group Bugzilla](http://austingroupbugs.net/view.php?id=188)
+///  - [GNU C library Bugzilla](https://sourceware.org/bugzilla/show_bug.cgi?id=15607#c2)
+///
 /// # Examples
 ///
 /// ```
