It is unfortunate that this discourages this use of chroot(2)
without pointing out alternative solutions - for example,
OpenSSH and vsftpd both still rely on chroot(2) for security.
Bind mounts should theoretically be usable as a replacement, but
currently, they have a similar problem (CVE-2015-2925) that hasn't
been fixed in ~6 months, so I'd rather not add it to the manpage
as a solution before a fix lands.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think fexecve() is thread-safe. But, there
is not marking of fexecve() in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think
* setaliasent(),
* endaliasent(),
* getaliasent_r(),
* getaliasbyname_r(),
are thread-safe. And
* getaliasent(),
* getaliasbyname(),
are not thread-safe. But, there are not
markings of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think
* res_ninit(),
* res_nquery(),
* res_nsearch(),
* res_nquerydomain(),
* res_nmkquery(),
* res_nsend(),
* dn_comp(),
* dn_expand()
are thread-safe. But, there are not
markings of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think
* rresvport(),
* iruserok(),
* ruserok(),
* rresvport_af(),
* iruserok_af(),
* ruserok_af(),
are thread-safe. And
* rcmd(),
* rcmd_af(),
are not thread-safe. But, there are not
markings of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think profil() is not thread-safe. But,
there is not marking of profil() in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think
* getservent_r(),
* getservbyname_r(),
* getservbyport_r(),
are thread-safe. But, there are not
markings of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think
* getrpcent_r(),
* getrpcbyname_r(),
* getrpcbynumber_r(),
are thread-safe. But, there are not
markings of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think
* setrpcent(),
* endrpcent(),
are thread-safe. And
* getrpcent(),
* getrpcbyname(),
* getrpcbynumber(),
are not thread-safe. But, there are not
markings of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think
* getprotoent_r(),
* getprotobyname_r(),
* getprotobynumber_r(),
are thread-safe. But, there are not
markings of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think
* getaddrinfo_a(),
* gai_suspend(),
* gai_error(),
* gai_cancel(),
are thread-safe. But, there are not
markings of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think
* fts_open(),
* fts_set(),
* fts_close(),
are thread-safe. And
* fts_read(),
* fts_children(),
are not thread-safe. But, there are not
markings of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think sem_close() is thread-safe. But, there
is not marking of sem_close() in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
The marking matches glibc marking.
The marking of functions in glibc is:
- rpmatch: MT-Safe locale
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think malloc_trim() is thread-safe. But, there
is not marking of malloc_trim() in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think malloc_get_state() and malloc_set_state() are
thread-safe. But, there are not markings of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think getrpcport() is thread-safe. But, there
is not marking of getrpcport() in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think getnameinfo() is thread-safe. But, there
is not marking of getnameinfo() in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think getaddrinfo(), freeaddrinfo() and
gai_strerror() are thread-safe. But, there are not markings
of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think dl_iterate_phdr() is thread-safe. But, there
is not marking of dl_iterate_phdr() in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think passwd2des(), xencrypt() and xdecrypt() are
thread-safe. But, there are not markings of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think putgrent() is thread-safe. But, there
is not marking of putgrent() in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think pthread_tryjoin_np() and
pthread_timedjoin_np() are thread-safe. But, there
are not markings of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think pthread_getattr_np() is thread-safe. But,
there is not marking of pthread_getattr_np() in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think pthread_cleanup_push() and
pthread_cleanup_pop() are thread-safe. But, there
are not markings of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think pthread_attr_setaffinity_np() and
pthread_attr_getaffinity_np() are thread-safe. But, there are not
markings of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think key_decryptsession(), key_setsecret(),
key_encryptsession(), key_gendes() and key_secretkey_is_set() are
thread-safe. But, there are not markings of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think getpw() is thread-safe. But, there
is not marking of getpw() in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
After research, We think getnetent_r(), getnetbyname_r() and
getnetbyaddr_r() are thread-safe. But, there are not markings
of them in glibc document.
Signed-off-by: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
In the "RETURN VALUE" section the word item is in italics
as if it were one of the function parameters. But the word
"item" occurs here for the first time, earlier the text
uses "element". [Patch improves this.]
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
I think the example is more accurate when we use the exact
locale names and also the Euro sign where appropriate.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>