getenv(3) — Linux manual page


GETENV(3)               Linux Programmer's Manual              GETENV(3)

NAME         top

       getenv, secure_getenv - get an environment variable

SYNOPSIS         top

       #include <stdlib.h>

       char *getenv(const char *name);
       char *secure_getenv(const char *name);

   Feature Test Macro Requirements for glibc (see


DESCRIPTION         top

       The getenv() function searches the environment list to find the
       environment variable name, and returns a pointer to the
       corresponding value string.

       The GNU-specific secure_getenv() function is just like getenv()
       except that it returns NULL in cases where "secure execution" is
       required.  Secure execution is required if one of the following
       conditions was true when the program run by the calling process
       was loaded:

       *  the process's effective user ID did not match its real user ID
          or the process's effective group ID did not match its real
          group ID (typically this is the result of executing a set-
          user-ID or set-group-ID program);

       *  the effective capability bit was set on the executable file;

       *  the process has a nonempty permitted capability set.

       Secure execution may also be required if triggered by some Linux
       security modules.

       The secure_getenv() function is intended for use in general-
       purpose libraries to avoid vulnerabilities that could occur if
       set-user-ID or set-group-ID programs accidentally trusted the

RETURN VALUE         top

       The getenv() function returns a pointer to the value in the
       environment, or NULL if there is no match.

VERSIONS         top

       secure_getenv() first appeared in glibc 2.17.

ATTRIBUTES         top

       For an explanation of the terms used in this section, see

       │Interface                         Attribute     Value       │
       │getenv(), secure_getenv()         │ Thread safety │ MT-Safe env │

CONFORMING TO         top

       getenv(): POSIX.1-2001, POSIX.1-2008, C89, C99, SVr4, 4.3BSD.

       secure_getenv() is a GNU extension.

NOTES         top

       The strings in the environment list are of the form name=value.

       As typically implemented, getenv() returns a pointer to a string
       within the environment list.  The caller must take care not to
       modify this string, since that would change the environment of
       the process.

       The implementation of getenv() is not required to be reentrant.
       The string pointed to by the return value of getenv() may be
       statically allocated, and can be modified by a subsequent call to
       getenv(), putenv(3), setenv(3), or unsetenv(3).

       The "secure execution" mode of secure_getenv() is controlled by
       the AT_SECURE flag contained in the auxiliary vector passed from
       the kernel to user space.

SEE ALSO         top

       clearenv(3), getauxval(3), putenv(3), setenv(3), unsetenv(3),
       capabilities(7), environ(7)

COLOPHON         top

       This page is part of release 5.13 of the Linux man-pages project.
       A description of the project, information about reporting bugs,
       and the latest version of this page, can be found at

GNU                            2021-03-22                      GETENV(3)

Pages that refer to this page: clearenv(3)getauxval(3)pmgetconfig(3)putenv(3)setenv(3)tzset(3)attributes(7)environ(7)groff_diff(7)