1. In a sane world, the answer would be "of course not, that would be stupid!" In this world, though, it seems there is no end of gut-wrenchingly poorly thought out undocumented behavior upon which people will stoop to depending upon. Raymond Chenhas a great collection of such anecdotes (anecdon'ts?) in his blog. Such as the hideous practice of using a bug in the loader to share thread-local variables between an exe and a DLL. When you have as many customers as Microsoft does, the only safe choice is to never even risk breaking backwards compatibility.

2. The difference in warnings is because cl.exeis going out of its way to highlight a potential security problem, and g++isn't. getenvand putsand friends are all still broken under POSIX, but (at least for getenv) there isn't a more secure alternative in the standard library. And, unlike Microsoft, the GNU folks probably see a standard library call with potential security problems as a lesser evil than a more secure but platform-specific library call.

1. 在一个理智的世界里，答案是“当然不会，那太愚蠢了！” 然而，在这个世界上，人们会屈服于依赖的令人痛苦的深思熟虑的无证行为似乎永无止境。Raymond Chen在他的博客中收集了大量这样的轶事（轶事？）。例如使用加载程序中的错误在 exe 和 DLL 之间共享线程局部变量的可怕做法。当您拥有与 Microsoft 一样多的客户时，唯一安全的选择就是永远不要冒险破坏向后兼容性。

2. 警告的不同之处在于cl.exe，它会特意强调潜在的安全问题，而g++事实并非如此。getenv和puts和朋友们在 POSIX 下仍然被破坏，但是（至少对于getenv）标准库中没有更安全的替代方案。而且，与 Microsoft 不同的是，GNU 人员可能将具有潜在安全问题的标准库调用视为比更安全但特定于平台的库调用的危害较小。

It annoys the heck outta me that Microsoft chose to do this. I know how to call all the functions safely, I don't want or need these extra warnings.

微软选择这样做让我很恼火。我知道如何安全地调用所有函数，我不想要或不需要这些额外的警告。

Just set _CRT_SECURE_NO_WARNINGS and be done with it. It's really that silly.

只需设置 _CRT_SECURE_NO_WARNINGS 并完成它。真的是那么傻。

For the specific case of getenv, it is indeed not reentrant or thread safe. As for why Microsoft doesn't just replace it, you can't take that interface and make it reentrant (you can almost make it "thread safe" with thread local storage, but it would still not be reentrant).

对于 的特定情况getenv，它确实不是可重入的或线程安全的。至于为什么微软不只是替换它，你不能拿那个接口让它可重入（你几乎可以用线程本地存储使它“线程安全”，但它仍然不会是可重入的）。

Even if you just took getenvaway altogether, there is still the problem that you have the environvariable which would require some serious compiler level support to make thread safe, since it is just data.

即使您完全拿走getenv，仍然存在一个问题，即您拥有environ需要一些严格的编译器级别支持才能使线程安全的变量，因为它只是数据。

Really, using environment variables for anything other than "setting it up before the process starts or at process start, and only reading from it from that point on" is going to probably end in tears if you have more than one thread. setenvand putenvdon't have a rich enough interface to express something like "set this set of environment variables atomically" and likewise getenvdoesn't have a way to express "read this set of environment variables atomically".

真的，如果您有多个线程，除了“在进程开始之前或在进程开始时设置它，并且只从那一刻开始读取它”之外，将环境变量用于任何其他事情可能会以流泪结束。setenv并且putenv没有足够丰富的接口来表达诸如“以原子方式设置这组环境变量”之类的内容，同样getenv也没有办法表达“以原子方式读取这组环境变量”。

_dupenv_sis somewhat silly in my opinion, because if using that suddenly makes your code safe, it could probably done in a safe way with getenv. _dupenv_ssolves a tiny subset of the problems with using environment variables in a multithreaded scenario.

_dupenv_s在我看来有点愚蠢，因为如果使用它突然使您的代码安全，它可能可以通过 getenv 以安全的方式完成。_dupenv_s解决了在多线程场景中使用环境变量的一小部分问题。