summaryrefslogtreecommitdiff
path: root/include/unistd.h
AgeCommit message (Collapse)AuthorLines
2014-09-10fix places where _BSD_SOURCE failed to yield a superset of _XOPEN_SOURCERich Felker-3/+0
the vast majority of these failures seem to have been oversights at the time _BSD_SOURCE was added, or perhaps shortly afterward. the one which may have had some reason behind it is omission of setpgrp from the _BSD_SOURCE feature profile, since the standard setpgrp interface conflicts with a legacy (pre-POSIX) BSD interface by the same name. however, such omission is not aligned with our general policy in this area (for example, handling of similar _GNU_SOURCE cases) and should not be preserved.
2014-07-19add issetugid function to check for elevated privilegeBrent Cook-0/+1
this function provides a way for third-party library code to use the same logic that's used internally in libc for suppressing untrusted input/state (e.g. the environment) when the application is running with privleges elevated by the setuid or setgid bit or some other mechanism. its semantics are intended to match the openbsd function by the same name. there was some question as to whether this function is necessary: getauxval(AT_SECURE) was proposed as an alternative. however, this has several drawbacks. the most obvious is that it asks programmers to be aware of an implementation detail of ELF-based systems (the aux vector) rather than simply the semantic predicate to be checked. and trying to write a safe, reliable version of issetugid in terms of getauxval is difficult. for example, early versions of the glibc getauxval did not report ENOENT, which could lead to false negatives if AT_SECURE was not present in the aux vector (this could probably only happen when running on non-linux kernels under linux emulation, since glibc does not support linux versions old enough to lack AT_SECURE). as for musl, getauxval has always properly reported errors, but prior to commit 7bece9c2095ee81f14b1088f6b0ba2f37fecb283, the musl implementation did not emulate AT_SECURE if missing, which would result in a false positive. since musl actually does partially support kernels that lack AT_SECURE, this was problematic. the intent is that library authors will use issetugid if its availability is detected at build time, and only fall back to the unreliable alternatives on systems that lack it. patch by Brent Cook. commit message/rationale by Rich Felker.
2014-05-19remove unsupported nonstandard sysconf macros and their table entriesRich Felker-60/+0
some of these may have been from ancient (pre-SUSv2) POSIX versions; more likely, they were from POSIX drafts or glibc interpretations of what ancient versions of POSIX should have added (instead they made they described functionality mandatory and/or dropped it completely). others are purely glibc-isms, many of them ill-thought-out, like providing ways to lookup the min/max values of types at runtime (despite the impossibility of them changing at runtime and the impossibility of representing ULONG_MAX in a return value of type long). since our sysconf implementation does not support or return meaningful values for any of these, it's harmful to have the macros around; applications' build scripts may detect and attempt to use them, only to get -1/EINVAL as a result. if removing them does break some applications, and it's determined that the usage was reasonable, some of these could be added back on an as-needed basis, but they should return actual meaningful values, not junk like they were returning before.
2014-04-20expose public execvpe interfaceM Farkas-Dyck-0/+1
2013-12-06add posix_close, accepted for inclusion in the next issue of POSIXRich Felker-0/+3
this is purely a wrapper for close since Linux does not support EINTR semantics for the close syscall.
2013-11-24restore type of NULL to void * except when used in C++ programsRich Felker-0/+4
unfortunately this eliminates the ability of the compiler to diagnose some dangerous/incorrect usage, but POSIX requires (as an extension to the C language, i.e. CX shaded) that NULL have type void *. plain C allows it to be defined as any null pointer constant. the definition 0L is preserved for C++ rather than reverting to plain 0 to avoid dangerous behavior in non-conforming programs which use NULL as a variadic sentinel. (it's impossible to use (void *)0 for C++ since C++ lacks the proper implicit pointer conversions, and other popular alternatives like the GCC __null extension seem non-conforming to the standard's requirements.)
2013-08-03add prototypes for euidaccess/eaccessRich Felker-0/+2
2013-07-27a few more fixes for unistd/sysconf feature reportingRich Felker-0/+1
2013-07-26report presence of ADV and MSG options in unistd.h and sysconfRich Felker-0/+2
2013-07-26report that posix_spawn is supported in unistd.h and sysconfRich Felker-0/+1
2013-06-26document in sysconf and unistd.h that per-thread cpu clocks existRich Felker-0/+1
2013-04-02re-add useconds_trofl0r-0/+1
this type was removed back in 5243e5f1606a9c6fcf01414e , because it was removed from the XSI specs. however some apps use it. since it's in the POSIX reserved namespace, we can expose it unconditionally.
2013-01-18use a common definition of NULL as 0L for C and C++Rich Felker-6/+1
the historical mess of having different definitions for C and C++ comes from the historical C definition as (void *)0 and the fact that (void *)0 can't be used in C++ because it does not convert to other pointer types implicitly. however, using plain 0 in C++ exposed bugs in C++ programs that call variadic functions with NULL as an argument and (wrongly; this is UB) expect it to arrive as a null pointer. on 64-bit machines, the high bits end up containing junk. glibc dodges the issue by using a GCC extension __null to define NULL; this is observably non-conforming because a conforming application could observe the definition of NULL via stringizing and see that it is neither an integer constant expression with value zero nor such an expression cast to void. switching to 0L eliminates the issue and provides compatibility with broken applications, since on all musl targets, long and pointers have the same size, representation, and argument-passing convention. we could maintain separate C and C++ definitions of NULL (i.e. just use 0L on C++ and use (void *)0 on C) but after careful analysis, it seems extremely difficult for a C program to even determine whether NULL has integer or pointer type, much less depend in subtle, unintentional ways, on whether it does. C89 seems to have no way to make the distinction. on C99, the fact that (int)(void *)0 is not an integer constant expression, along with subtle VLA/sizeof semantics, can be used to make the distinction, but many compilers are non-conforming and give the wrong result to this test anyway. on C11, _Generic can trivially make the distinction, but it seems unlikely that code targetting C11 would be so backwards in caring which definition of NULL an implementation uses. as such, the simplest path of using the same definition for NULL in both C and C++ was chosen. the #undef directive was also removed so that the compiler can catch and give a warning or error on redefinition if buggy programs have defined their own versions of NULL prior to inclusion of standard headers.
2012-12-10syscall() declaration belongs in unistd.h, not sys/syscall.hRich Felker-0/+1
traditionally, both BSD and GNU systems have it this way. sys/syscall.h is purely syscall number macros. presently glibc exposes the syscall declaration in unistd.h only with _GNU_SOURCE, but that does not reflect historical practice.
2012-12-06unistd.h: fix wrong type for gid_t argumentrofl0r-1/+1
the prototype is defined with const gid_t* rather than const gid_t[]. it was already correctly defined in grp.h.
2012-11-11report support of TPS option in unistd.h and sysconfRich Felker-0/+1
also update another newish feature in sysconf, stackaddr
2012-11-01avoid breakage if somebody wrongly defines empty feature test macrosRich Felker-1/+1
2012-09-30define some _POSIX_* macros that were omitted; required for XSI conformanceRich Felker-0/+3
2012-09-29always expose dup3 and pipe2Rich Felker-2/+2
they will be in the next version of POSIX
2012-09-16add clock_adjtime, remap_file_pages, and syncfs syscall wrappersRich Felker-0/+1
patch by Justin Cormack, with slight modification
2012-09-09add setdomainname syscall, fix getdomainname (previously a stub)Rich Felker-0/+1
2012-09-08add acct, accept4, setns, and dup3 syscalls (linux extensions)Rich Felker-0/+2
based on patch by Justin Cormack
2012-09-07default features: make musl usable without feature test macrosRich Felker-12/+1
the old behavior of exposing nothing except plain ISO C can be obtained by defining __STRICT_ANSI__ or using a compiler option (such as -std=c99) that predefines it. the new default featureset is POSIX with XSI plus _BSD_SOURCE. any explicit feature test macros will inhibit the default. installation docs have also been updated to reflect this change.
2012-09-06further use of _Noreturn, for non-plain-C functionsRich Felker-1/+8
note that POSIX does not specify these functions as _Noreturn, because POSIX is aligned with C99, not the new C11 standard. when POSIX is eventually updated to C11, it will almost surely give these functions the _Noreturn attribute. for now, the actual _Noreturn keyword is not used anyway when compiling with a c99 compiler, which is what POSIX requires; the GCC __attribute__ is used instead if it's available, however. in a few places, I've added infinite for loops at the end of _Noreturn functions to silence compiler warnings. presumably __buildin_unreachable could achieve the same thing, but it would only work on newer GCCs and would not be portable. the loops should have near-zero code size cost anyway. like the previous _Noreturn commit, this one is based on patches contributed by philomath.
2012-09-06use restrict everywhere it's required by c99 and/or posix 2008Rich Felker-3/+9
to deal with the fact that the public headers may be used with pre-c99 compilers, __restrict is used in place of restrict, and defined appropriately for any supported compiler. we also avoid the form [restrict] since older versions of gcc rejected it due to a bug in the original c99 standard, and instead use the form *restrict.
2012-08-15improve headers to better deal with removed-in-posix-2008 featuresRich Felker-2/+6
with this patch, setting _POSIX_SOURCE, or setting _POSIX_C_SOURCE or _XOPEN_SOURCE to an old version, will bring back the interfaces that were removed in POSIX 2008 - at least the ones i've covered so far, which are gethostby*, usleep, and ualarm. if there are other functions still in widespread use that were removed for which similar changes would be beneficial, they can be added just like this.
2012-07-23add pipe2 syscallRich Felker-0/+1
based on patch by orc and Isaac Dunham, with some details fixed.
2012-06-04_GNU_SOURCE is supposed to imply _LARGEFILE64_SOURCERich Felker-1/+1
this is ugly and stupid, but now that the *64 symbol names exist, a lot of broken GNU software detects them in configure, then either breaks during build due to missing off64_t definition, or attempts to compile without function declarations/prototypes. "fixing" it here is easier than telling everyone to add yet another feature test macro to their builds.
2012-06-02declare environ in unistd.h when _GNU_SOURCE feature test macro is usedRich Felker-0/+1
lots of broken programs expect this, and it's gotten to the point of being a troubleshooting FAQ topic. best to just fix it.
2012-05-22remove everything related to forkallRich Felker-1/+0
i made a best attempt, but the intended semantics of this function are fundamentally contradictory. there is no consistent way to handle ownership of locks when forking a multi-threaded process. the code could have worked by accident for programs that only used normal mutexes and nothing else (since they don't actually store or care about their owner), but that's about it. broken-by-design interfaces that aren't even in glibc (only solaris) don't belong in musl.
2012-05-22some feature test fixes for unistd.hRich Felker-16/+16
2012-05-22_GNU_SOURCE implies all BSD features except ones GNU rejectsRich Felker-1/+1
2012-05-22various header cleanups, some related to _BSD_SOURCE additionRich Felker-11/+4
there is no reason to avoid multiple identical macro definitions; this is perfectly legal C, and even with the maximal warning options enabled, gcc does not issue any warning for it.
2012-05-22support _BSD_SOURCE feature test macroRich Felker-3/+17
patch by Isaac Dunham. matched closely (maybe not exact) to glibc's idea of what _BSD_SOURCE should make visible.
2012-05-20move getpass decl to the right placeRich Felker-0/+1
2012-05-04add support for ugly *64 functions with _LARGEFILE64_SOURCERich Felker-0/+10
musl does not support legacy 32-bit-off_t whatsoever. off_t is always 64 bit, and correct programs that use off_t and the standard functions will just work out of the box. (on glibc, they would require -D_FILE_OFFSET_BITS=64 to work.) however, some programs instead define _LARGEFILE64_SOURCE and use alternate versions of all the standard types and functions with "64" appended to their names. we do not want code to actually get linked against these functions (it's ugly and inconsistent), so macros are used instead of prototypes with weak aliases in the library itself. eventually the weak aliases may be added at the library level for the sake of using code that was originally built against glibc, but the macros will still be the desired solution in the headers.
2012-04-22implement getusershell, etc. legacy functionsRich Felker-0/+3
I actually wrote these a month ago but forgot to integrate them. ugly, probably-harmful-to-use functions, but some legacy apps want them...
2012-04-22getdtablesize is not standard; move it to its correct spot in unistd.hRich Felker-1/+1
2012-04-22add getresuid and getresgid syscall wrappersRich Felker-0/+2
2012-04-18legacy junk compatibility grab-bagRich Felker-0/+2
- add the rest of the junk traditionally in sys/param.h - add prototypes for some nonstandard functions - add _GNU_SOURCE to their source files so the compiler can check proto
2012-02-17add get_current_dir_name functionRich Felker-0/+1
2011-09-13fix various errors in function signatures/prototypes found by nszRich Felker-3/+3
2011-08-12implement forkallRich Felker-0/+1
this is a "nonstandard" function that was "rejected" by POSIX, but nonetheless had its behavior documented in the POSIX rationale for fork. it's present on solaris and possibly some other systems, and duplicates the whole calling process, not just a single thread. glibc does not have this function. it should not be used in programs intending to be portable, but may be useful for testing, checkpointing, etc. and it's an interesting (and quite small) example of the usefulness of the __synccall framework originally written to work around deficiencies in linux's setuid syscall.
2011-04-27correct variadic prototypes for execl* familyRich Felker-3/+3
the old versions worked, but conflicted with programs which declared their own prototypes and generated warnings with some versions of gcc.
2011-04-13fix prototypes/signature for setgroups, etc.Rich Felker-1/+1
2011-04-03prototype getdtablesize (nonstandard function)Rich Felker-0/+1
2011-04-03add setresuid/setresgid functions (nonstandard)Rich Felker-0/+2
2011-04-01remove obsolete and useless useconds_t typeRich Felker-3/+2
2011-02-27implement fexecveRich Felker-0/+1
2011-02-19prototypes for brk and sbrkRich Felker-0/+2