(man page also)

secure_path(3) hasn't been called since we recognized the TOCTOU issues a few
years back, so we can remove it.  Since nothing in the ecosystem calls it, I
am not cranking the libc major as required, surely another crank will come
along soon.
noticed by Dante Catalfamo
ok millert

diff --git a/lib/libc/gen/login_cap.3 b/lib/libc/gen/login_cap.3
index 457e4b7..892a9db 100644 (file)
--- a/lib/libc/gen/login_cap.3
+++ b/lib/libc/gen/login_cap.3
@@ -29,10 +29,10 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $OpenBSD: login_cap.3,v 1.17 2015/11/10 23:48:18 jmc Exp $
+.\" $OpenBSD: login_cap.3,v 1.18 2021/06/03 13:38:18 deraadt Exp $
 .\" BSDI $From: login_cap.3,v 1.4 1997/11/07 16:22:27 jch Exp $
 .\"
-.Dd $Mdocdate: November 10 2015 $
+.Dd $Mdocdate: June 3 2021 $
 .Dt LOGIN_GETCLASS 3
 .Os
 .Sh NAME
@@ -44,7 +44,6 @@
 .Nm login_getcapstr ,
 .Nm login_getcaptime ,
 .Nm login_close ,
-.Nm secure_path ,
 .Nm setclasscontext ,
 .Nm setusercontext
 .Nd query login.conf database about a user class
@@ -68,8 +67,6 @@
 .Ft void
 .Fn login_close "login_cap_t *lc"
 .Ft int
-.Fn secure_path "char *path"
-.Ft int
 .Fn setclasscontext "char *class" "unsigned int flags"
 .Ft int
 .Fn setusercontext "login_cap_t *lc" "struct passwd *pwd" "uid_t uid" "unsigned int flags"
@@ -174,13 +171,6 @@ with no value, was found,
 zero otherwise.
 .Pp
 The
-.Fn secure_path
-function takes a path name and returns 0 if the path name is secure, \-1
-if not.
-To be secure a path must exist, be a regular file (and not a directory),
-owned by root, and only writable by the owner (root).
-.Pp
-The
 .Fn setclasscontext
 function takes
 .Ar class ,