uucore: centralize unsafe env::set_var/remove_var in a wrapper module by sylvestre · Pull Request #12068 · uutils/coreutils

sylvestre · 2026-04-28T20:24:31Z

No description provided.

github-actions · 2026-04-28T20:33:03Z

GNU testsuite comparison:

Skip an intermittent issue tests/date/resolution (fails in this run but passes in the 'main' branch)
Note: The gnu test tests/rm/many-dir-entries-vs-OOM is now being skipped but was previously passing.
Note: The gnu test tests/tail/tail-n0f is now being skipped but was previously passing.
Congrats! The gnu test tests/tail/pipe-f is now passing!

sylvestre · 2026-04-28T21:21:15Z

@oech3 wdyt ? :)

oech3 · 2026-04-28T23:07:31Z

This does not make set_var an actual thread safe function...

xtqqczze · 2026-04-29T07:31:59Z

Sign in to view

+///
+/// Wrapper around [`std::env::set_var`]. See the module documentation for
+/// the safety considerations callers must uphold.
+pub fn set_var<K: AsRef<OsStr>, V: AsRef<OsStr>>(key: K, value: V) {


This violates Rust's safety model. Safe Rust code must never be able to trigger UB by calling a safe function according to its documented signature. This wrapper makes the function safe to call from anywhere, but does not enforce the required invariants.

sure but i don't think it is a big deal. i don't think we have a program dealing with env variable in a parallel context

dd, sort

and external crates

i think you are overreacting. afaik, it doesn't introduce safety issues

sylvestre · 2026-04-29T08:26:00Z

This does not make set_var an actual thread safe function...

of course but it centralized its management

oech3 · 2026-05-11T05:26:32Z

How about adding unsafe { uucore::env::declare_single_thread() }?

xtqqczze · 2026-05-11T12:38:29Z

How about adding unsafe { uucore::env::declare_single_thread() }?

How would that help? std::env::set_var was made unsafe precisely because there’s no way to guarantee that external C libraries access the environment in a thread-safe manner.

xtqqczze · 2026-05-12T09:03:54Z

I think we should remove use of these functions instead: #12238

oech3 · 2026-05-14T12:16:05Z

Can we wrap Mutex here?

xtqqczze · 2026-05-14T13:01:21Z

A mutex doesn't address the soundness issue, see rust-lang/rust#124636 (comment).

cc: @ChrisDenton

ChrisDenton · 2026-05-14T13:18:11Z

In an application if you can be 100% certain there is only one thread then it is safe to mutate the environment because another function literally can't be called while you're using set_var or remove_var.

If there are, or could be, multiple threads then there would need to be some way to guarantee that no thread (directly or indirectly) accesses the environment. This is practically impossible to uphold since many things can read the environment (e.g. almost any libc function reserves the right to do so). A mutex doesn't really help.

xtqqczze · 2026-05-14T13:45:30Z

@sylvestre The proposed uucore::env::set_var and uucore::env::remove_var functions are public APIs, so we can’t make guarantees about threading. Once exposed, they need to remain sound under arbitrary usage, including multi-threaded contexts.

tbu- · 2026-05-15T22:05:16Z

It's a bit weird to "centralize" unsafe functions into a single function not marked as unsafe. It moves the unsafe block away from the place where you need to argue that the usage is actually safe.

sylvestre force-pushed the set_var branch 3 times, most recently from 2b3c43d to 14394df Compare April 28, 2026 21:06

uucore: centralize unsafe env::set_var/remove_var in a wrapper module

21c5c76

sylvestre force-pushed the set_var branch from 14394df to 21c5c76 Compare April 28, 2026 21:07

sylvestre marked this pull request as ready for review April 28, 2026 21:20

xtqqczze suggested changes Apr 29, 2026

View reviewed changes

sylvestre requested a review from cakebaker April 30, 2026 09:29

Uh oh!

Conversation

sylvestre commented Apr 28, 2026

Uh oh!

github-actions Bot commented Apr 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

sylvestre commented Apr 28, 2026

Uh oh!

oech3 commented Apr 28, 2026

Uh oh!

xtqqczze Apr 29, 2026

Choose a reason for hiding this comment

Uh oh!

sylvestre Apr 30, 2026

Choose a reason for hiding this comment

Uh oh!

oech3 Apr 30, 2026

Choose a reason for hiding this comment

Uh oh!

oech3 Apr 30, 2026

Choose a reason for hiding this comment

Uh oh!

This comment was marked as outdated.

Uh oh!

sylvestre Apr 30, 2026

Choose a reason for hiding this comment

Uh oh!

sylvestre commented Apr 29, 2026

Uh oh!

oech3 commented May 11, 2026

Uh oh!

xtqqczze commented May 11, 2026

Uh oh!

xtqqczze commented May 12, 2026

Uh oh!

oech3 commented May 14, 2026

Uh oh!

xtqqczze commented May 14, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

ChrisDenton commented May 14, 2026

Uh oh!

xtqqczze commented May 14, 2026

Uh oh!

tbu- commented May 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

github-actions Bot commented Apr 28, 2026 •

edited

Loading

xtqqczze commented May 14, 2026 •

edited

Loading