Mirrors/rust
1
0
Fork 0
mirror of https://github.com/rust-lang/rust.git synced 2026-04-30 14:52:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
323,412 Commits 10 Branches 157 Tags
beta
Commit Graph

115 Commits

Author SHA1 Message Date
joboet be5f0708e4 std: move sys::pal::os to sys::paths 2026-03-10 00:05:20 +01:00
Jonathan Brouwer 0425a45c89 Rollup merge of #153054 - shri-prakhar:docs-temp-dir-env-vars, r=Mark-Simulacrum 
docs: note env var influence on `temp_dir` and `env_clear` on Windows

On Windows, `env::temp_dir()` internally calls `GetTempPath2`/`GetTempPath`,
which checks the `TMP`, `TEMP`, and `USERPROFILE` environment variables in
order before falling back to the Windows directory. This lookup order was
previously only discoverable by following links to Microsoft documentation.

This PR documents the env var lookup order directly in `env::temp_dir` docs
and notes `GetTempPath2`'s SYSTEM-identity behavior (`C:\Windows\SystemTemp`).

Addresses rust-lang/rust#125439.
 2026-02-28 19:55:51 +01:00
shri-prakhar 220295beef docs: note env var influence on temp_dir and env_clear on Windows 
* docs: explicitly list env vars checked by temp_dir on Windows

On Windows, temp_dir() internally calls GetTempPath2/GetTempPath which
checks TMP, TEMP, USERPROFILE environment variables in order. This
information was previously only available by following links to Microsoft
docs. Making it explicit in Rust's own documentation improves
discoverability.

Addresses #125439.
* docs: note env var influence on temp_dir and env_clear on Windows

On Windows, nv::temp_dir() internally calls GetTempPath2/GetTempPath,
which checks TMP, TEMP, and USERPROFILE in order. Document this
lookup order directly in the 	emp_dir docs rather than requiring users
to follow the link to Microsoft documentation.

Also add a note on Command::env_clear explaining that clearing the
environment affects the child process's 	emp_dir(), not the parent's.

Closes #125439.
* docs: drop Windows env_clear temp_dir note
 2026-02-28 16:29:48 +00:00
Jonathan Brouwer b16d243cac Rollup merge of #150828 - sourcefrog:doc-exe-security, r=cuviper 
Improved security section in rustdoc for `current_exe`

A few improvements to the security section of the docs about `current_exe`

0. The explanatory link <https://vulners.com/securityvulns/SECURITYVULNS:DOC:22183> is ~~broken~~ not directly very helpful in understanding the risk.
1. It basically previously says to never trust the result, which is IMO too pessimistic to be helpful. It's worth understanding the behavior but if you have a use case to re-exec the current program, which is not uncommon, this is a reasonable way to do it.
2. The particular risk is about setuid/setgid processes that shouldn't fully trust the user that spawned them.
3. IMO the most important risk with this function is that the invoker can control argv and PATH, so I made this more explicit. (Many unixes, including Linux, don't rely on them in the implementation, but some do.)
4. The previous text about TOCTOU and races is IMO not really coherent: if an attacker can write to the location where you're going to re-exec, they can fundamentally control what program is executed. They don't need to race with your execution of current_exe, and there is no up-front check.
5. Briefly explain the pattern of CVE-2009-1894: on Linux, depending on system configuration, an attacker who can create hardlinks to the executable can potentially control `/proc/self/exe`. On modern Linux this should normally require permission to write to the executable.

I did some web research for "argv0 vulnerability" and similar terms and didn't find anything else we should be documenting here. (There are issues about argc=0 but those should be prevented by memory safety in Rust.)

I found what the link seemed to be pointing to in <https://vulners.com/cve/CVE-2009-1894>, which talks about confusing a setuid program by creating a hardlink to its exe. I think this is in very particular circumstances something people should still be concerned about: a setuid program on a machine with `fs.protected_hardlinks = 0`. I don't think this justifies warning people not to use the function at all.

cc @mgeisler
 2026-02-27 14:05:33 +01:00
Stuart Cook 512afea218 Rollup merge of #150993 - Ayush1325:uefi-join-path, r=Mark-Simulacrum 
std: sys: uefi: os: Implement join_paths

- Tested using OVMF using QEMU.

@rustbot label +O-UEFI
 2026-02-02 10:28:31 +11:00
Martin Pool 177dc5a372 Clearer security warnings in std::env::current_exe docs 
Remove somewhat obvious comment about executing attacker-controlled programs.

Be more clear the examples are not exhaustive.
 2026-01-31 21:14:50 -08:00
Zen f5b53682a1 Fix grammar 2026-01-28 23:00:39 -05:00
Ayush Singh 90f0f4b75f std: sys: uefi: os: Implement join_paths 
- PATHS_SEP is defined as global const since I will implement
  split_paths in the future.
- Tested using OVMF using QEMU.

Signed-off-by: Ayush Singh <ayush@beagleboard.org>
 2026-01-27 22:50:49 +05:30
Peter Badida 6173a56716 Fix missing double-quote in std::env::consts::OS values 2025-11-24 18:02:24 +01:00
Tamir Duberstein eb84efc702 Remove <os::Vars as Debug> workaround 2025-11-17 16:05:01 -05:00
Tropical b2634e31c4 std: add support for armv7a-vex-v5 target 
Co-authored-by: Lewis McClelland <lewis@lewismcclelland.me>
 2025-09-24 12:10:15 -05:00
Marijn Schouten 845311a065 remove deprecated Error::description in impls 2025-08-26 06:36:53 +00:00
Jacob Pratt 85e5100ad4 Rollup merge of #141840 - ChrisDenton:noempty, r=ChrisDenton 
If `HOME` is empty, use the fallback instead

This is a minor change in the `home_dir` api. An empty path is never (or should never be) valid so if the `HOME` environment variable is empty then let's use the fallback instead.

r? libs-api
 2025-07-26 22:42:32 -04:00
WANG Rui 38d69c3f57 Add new Tier-3 targets: loongarch32-unknown-none* 
MCP: https://github.com/rust-lang/compiler-team/issues/865
 2025-06-06 08:19:38 +08:00
Chris Denton 921b6c02aa If HOME is empty, use the fallback instead 2025-05-31 21:55:26 +00:00
Thalia Archibald 28deaa6e0e Delegate to inner vec::IntoIter from env::ArgsOs 
Delegate from `std::env::ArgsOs` to the methods of the inner
platform-specific iterators, when it would be more efficient than just
using the default methods of its own impl. Most platforms use
`vec::IntoIter` as the inner type, so prioritize delegating to the
methods it provides.

`std::env::Args` is implemented atop `std::env::ArgsOs` and performs
UTF-8 validation with a panic for invalid data. This is a visible effect
which users certainly rely on, so we can't skip any arguments. Any
further iterator methods would skip some elements, so no change is
needed for that type.

Add `#[inline]` for any methods which simply wrap the inner iterator.
 2025-05-01 15:18:15 -07:00
Thalia Archibald 90fe2805df Move sys::pal::os::Env into sys::env 
Although `Env` (as `Vars`), `Args`, path functions, and OS constants are
publicly exposed via `std::env`, their implementations are each
self-contained. Keep them separate in `std::sys` and make a new module,
`sys::env`, for `Env`.
 2025-04-21 20:56:43 -07:00
Thalia Archibald 37712cc016 Combine env consts into std::sys::env_consts 2025-04-18 19:17:08 -07:00
Matthias Krüger 098db784c7 Rollup merge of #136320 - RalfJung:exit, r=the8472 
exit: document interaction with C

Cc https://github.com/rust-lang/rust/issues/126600
 2025-03-18 10:09:28 +01:00
Guillaume Gomez 17dd2b179c Mention env and option_env macros in std::env::var docs 2025-03-07 22:00:36 +01:00
Michael Goulet 978893ac40 Rollup merge of #137327 - arlosi:home-dir, r=Mark-Simulacrum 
Undeprecate env::home_dir

#132515 fixed the implementation of `env::home_dir`, but didn't remove the deprecation.

Based on [this comment](https://github.com/rust-lang/rust/pull/132515#discussion_r1829715262), libs-api decided to undeprecate in the next release. Let's do that!

cc #132650
 2025-03-06 12:22:11 -05:00
Ralf Jung 7b5e847ae5 exit: document interaction with C 2025-03-04 08:44:05 +01:00
Arlo Siemsen 2c752bcf55 Undeprecate env::home_dir 2025-02-20 11:47:14 -06:00
Wang Han 0d4d752e83 Correct doc about temp_dir() behavior on Android 
Since commit https://github.com/aosp-mirror/platform_frameworks_base/commit/d5ccb038f69193fb63b5169d7adc5da19859c9d8, `TMPDIR` will be set to application's cache dir when app starts.
 2025-02-21 00:13:55 +08:00
Eric Huss ef20a1b1f8 std: Apply deprecated_safe_2024 2025-02-13 13:10:28 -08:00
bjorn3 e00cbf304c Move std::env unit tests to integration tests 2025-01-26 10:28:04 +00:00
clubby789 f7c2d1194d doc: Point to methods on Command as alternatives to set/remove_var 2025-01-17 12:53:58 +00:00
Pietro Albini 4ae92b7adb update version placeholders 2025-01-08 20:02:18 +01:00
Chris Denton c74ede8a9c Expand home_dir docs 2024-12-05 00:26:13 +00:00
许杰友 Jieyou Xu (Joe) 9eeae42de2 Rollup merge of #132515 - kornelski:home_fix, r=jhpratt 
Fix and undeprecate home_dir()

`home_dir()` has been deprecated for 6 years due to using `HOME` env var on Windows.

It's been a long time, and having a perpetually buggy and deprecated function in the standard library is not useful. I propose fixing and undeprecating it.

6 years seems more than long enough to warn users against relying on this function. The change in behavior is minor, and it's more of a bug fix than breakage. The old behavior is unlikely to be useful, and even if anybody actually needed to specifically use the non-standard `HOME` on Windows, they can trivially mitigate this change by reading the env var themselves.

----

Use of `USERPROFILE` is in line with the `home` crate: https://github.com/rust-lang/cargo/blob/37bc5f0232a0bb72dedd2c14149614fd8cdae649/crates/home/src/windows.rs#L12

The `home` crate uses `SHGetKnownFolderPath` instead of `GetUserProfileDirectoryW`. AFAIK it doesn't make any difference in practice, because `SHGetKnownFolderPath` merely adds support for more kinds of folders, including virtual (non-filesystem) folders identified by a GUID, but the specific case of [`FOLDERID_Profile`](https://learn.microsoft.com/en-us/windows/win32/shell/knownfolderid#FOLDERID_Profile) is documented as a FIXED folder (a regular filesystem path). Just in case, I've added a note to documentation that the use of `GetUserProfileDirectoryW` can change.

I've used `CURRENT_RUSTC_VERSION` in a doccomment. `replace-version-placeholder` tool seems to perform a simple string replacement, so hopefully it'll get updated.
 2024-11-30 12:57:33 +08:00
许杰友 Jieyou Xu (Joe) f860f5bf90 Rollup merge of #131505 - madsmtm:darwin_user_temp_dir, r=dtolnay 
use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` as a `TMPDIR` fallback on Darwin

Rebased version of https://github.com/rust-lang/rust/pull/100824, FCP has completed there. Motivation from https://github.com/rust-lang/rust/pull/100824#issuecomment-1262264127:

> This is a behavioral change in an edge case on Darwin platforms (macOS, iOS, ...).
>
> Specifically, this changes it so that iff `TMPDIR` is unset in the environment, then we use `confstr(_CS_DARWIN_USER_TEMP_DIR, ...)` to query the user temporary directory (previously we just returned `"/tmp"`). If this fails (probably possible in a sandboxed program), only then do we fallback to `"/tmp"` (as before).
>
> The motivations here are two-fold:
>
> 1. This is better for security, and is in line with the [platform security recommendations](https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/RaceConditions.html#//apple_ref/doc/uid/TP40002585-SW10), as it is unavailable to other users (although it is the same value as seen by all other processes run by the same user).
> 2. This is a more consistent fallback for when `getenv("TMPDIR")` is unavailable, as `$TMPDIR` is usually initialized to the `DARWIN_USER_TEMP_DIR`.
>
> It seems quite unlikely that anybody will break because of this, and I think it falls under the carve-out we have for platform specific behavior: https://doc.rust-lang.org/nightly/std/io/index.html#platform-specific-behavior.

Closes https://github.com/rust-lang/rust/issues/99608.
Closes https://github.com/rust-lang/rust/pull/100824.

``@rustbot`` label O-apple T-libs-api

r? Dylan-DPC
 2024-11-23 20:19:52 +08:00
Kornel 4b7f56ac9d Fix and undeprecate home_dir() 2024-11-04 03:06:09 +00:00
Ralf Jung 854e3c43e0 library: consistently use American spelling for 'behavior' 2024-10-25 12:02:47 +02:00
Thom Chiovoloni cbe428d8cb use confstr(_CS_DARWIN_USER_TEMP_DIR, ...) as a TMPDIR fallback on darwin 2024-10-10 18:36:12 +02:00
Matthias Krüger 11fe22c3fb Rollup merge of #128535 - mmvanheusden:master, r=workingjubilee 
Format `std::env::consts` docstrings with markdown backticks

This clarifies possible outputs the constants might be.

**Before:**
--
<img src="https://github.com/user-attachments/assets/8ee8772a-7562-42a2-89be-f8772b76dbd5" width="500px">

**After:**
--
<img src="https://github.com/user-attachments/assets/4632e5e2-db3e-4372-b13e-006cc1701eb1" width="500px">
 2024-09-17 17:28:31 +02:00
Boxy 0091b8ab2a update cfgs 2024-09-05 17:24:01 +01:00
Trevor Gross 332ab61d29 Rollup merge of #128902 - evanj:evan.jones/env-var-doc, r=workingjubilee 
doc: std::env::var: Returns None for names with '=' or NUL byte

The documentation incorrectly stated that std::env::var could return an error for variable names containing '=' or the NUL byte. Copy the correct documentation from var_os.

var_os was fixed in Commit 8a7a665, Pull Request #109894, which closed Issue #109893.

This documentation was incorrectly added in commit f2c0f292, which replaced a panic in var_os by returning None, but documented the change as "May error if ...".

Reference the specific error values and link to them.
 2024-08-18 23:41:47 -05:00
Evan Jones b0023f5a41 code review improvements 2024-08-18 10:43:36 -04:00
Maarten 0328c86996 Refer to other docs 2024-08-16 15:34:51 +00:00
Maarten f8d8aa6190 Add unordered list with possible values for each const 2024-08-15 14:35:22 +00:00
Maarten 8c91a7e9ab Format std::env::consts docstrings 
This clarifies possible outputs the constants might be.
 2024-08-15 14:15:17 +02:00
Tobias Bucher 811d7dd113 #[deprecated_safe_2024]: Also use the // TODO: hint in the compiler error 
This doesn't work for translated compiler error messages.
 2024-08-13 11:32:47 +02:00
Tobias Bucher 399ef23d2b Allow to customize // TODO: comment for deprecated safe autofix 
Relevant for the deprecation of `CommandExt::before_exit` in #125970.
 2024-08-13 11:32:24 +02:00
Evan Jones d5a7c45966 doc: std::env::var: Returns None for names with '=' or NUL byte 
The documentation incorrectly stated that std::env::var could return
an error for variable names containing '=' or the NUL byte. Copy the
correct documentation from var_os.

var_os was fixed in Commit 8a7a665, Pull Request #109894, which
closed Issue #109893.

This documentation was incorrectly added in commit f2c0f292, which
replaced a panic in var_os by returning None, but documented the
change as "May error if ...".

Reference the specific error values and link to them.
 2024-08-09 14:28:31 -04:00
Nicholas Nethercote 84ac80f192 Reformat use declarations. 
The previous commit updated `rustfmt.toml` appropriately. This commit is
the outcome of running `x fmt --all` with the new formatting options.
 2024-07-29 08:26:52 +10:00
Trevor Gross 689d27293a Rollup merge of #125206 - mgeisler:simplify-std-env-vars, r=jhpratt,tgross35 
Simplify environment variable examples

I’ve found myself visiting the documentation for `std::env::vars` every few months, and every time I do, it is because I want to quickly get a snippet to print out all environment variables :-)

So I think it could be nice to simplify the examples a little to make them self-contained. It is of course a style question if one should import a module a not, but I personally don’t import modules used just once in a code snippet.
 2024-07-16 20:10:09 -05:00
Jubilee Young 83a0fe5396 std: Directly call unsafe {un,}setenv in env 2024-07-14 17:08:44 -07:00
Jubilee Young 4572ed6389 std: deny(unsafe_op_in_unsafe_fn) but allow sites 
This provides a list of locations to hunt down issues in.
 2024-07-14 16:44:01 -07:00
bors c25ac9d6cc Auto merge of #126273 - pietroalbini:pa-bootstrap-update, r=Mark-Simulacrum 
Bump stage0 to 1.80.0

r? `@Mark-Simulacrum`
 2024-06-12 18:15:32 +00:00
Chris Denton 751143ef40 set_env: State the conclusion upfront 2024-06-11 17:12:20 +00:00