Commit 92598cd

libstd/env: Add non-Rust synchronization warnings for setenv()

See:
https://sourceware.org/bugzilla/show_bug.cgi?id=4887#c9
https://bugs.freedesktop.org/show_bug.cgi?id=65681

I just noticed this while talking to someone who was using `os.environ['FOO'] = 'BAR'` in Python and since I'm learning Rust, I was curious if it did anything special here.

It looks like Rust has an internal mutex, which helps for apps that are pure Rust, but it will be an evil trap for someone later adding in native code (apps like Servo and games will be at risk).

Java got this right by disallowing `setenv()` from the start.

I suggest Rust program authors only use `setenv()` early in main.

1 parent 222cd73 commit 92598cd

1 file changed

+16
-0
lines changed
src/libstd/env.rs

@@ -243,6 +243,14 @@ impl Error for VarError {
243243
/// Sets the environment variable `k` to the value `v` for the currently running
244244
/// process.
245245
///
246+
/// Note that while concurrent access to environment variables is safe in Rust,
247+
/// some platforms only expose inherently unsafe non-threadsafe APIs for
248+
/// inspecting the environment. As a result extra care needs to be taken when
249+
/// auditing calls to unsafe external FFI functions to ensure that any external
250+
/// environment accesses are properly synchronized with accesses in Rust.
251+
///
252+
/// An example of this unsafety on Unix can be [found here](http://austingroupbugs.net/view.php?id=188)
253+
///
246254
/// # Examples
247255
///
248256
/// ```
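
Review bot: On new lines 246-250 the note speaks of APIs for "inspecting the environment", but this is the doc comment for `set_var`, and the hazard is a write from Rust racing with a read or write made by non-Rust code. Suggest "inspecting or modifying the environment", and state outright that the synchronization inside Rust does not cover environment accesses made by foreign code in the same process. The commit message's advice to set variables only early in main is the part a caller can act on, so it deserves a sentence here as well.
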
@@ -260,6 +268,14 @@ pub fn set_var<K: AsRef<OsStr>, V: AsRef<OsStr>>(k: K, v: V) {
260268

261269
/// Removes an environment variable from the environment of the currently running process.
262270
///
271+
/// Note that while concurrent access to environment variables is safe in Rust,
272+
/// some platforms only expose inherently unsafe non-threadsafe APIs for
273+
/// inspecting the environment. As a result extra care needs to be taken when
274+
/// auditing calls to unsafe external FFI functions to ensure that any external
275+
/// environment accesses are properly synchronized with accesses in Rust.
276+
///
277+
/// An example of this unsafety on Unix can be [found here](http://austingroupbugs.net/view.php?id=188)
278+
///
263279
/// # Examples
264280
///
265281
/// ```
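
Review bot: New lines 271-278 repeat the `set_var` paragraph word for word on `remove_var`, so the two copies can drift apart on a later edit. Consider keeping the full text in one place and pointing to it from the other. On line 277 the link text "found here" says nothing about the target and the sentence has no closing period; name what the linked report describes instead.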
