...

```c
system(argv[1]);  /* a shell runs the command with the caller's unsanitized environment */
```

Compliant Solution (POSIX)

Sanitize the environment by setting required variables to safe values and removing extraneous environment variables. Set `IFS` to its default of " \t\n" (the first character is a space character). Set the `PATH` environment variable to `_PATH_STDPATH`, defined in `paths.h`. Preserve the `TZ` environment variable (if present), which denotes the time zone; the Open Group Base Specifications Issue 6 specifies the format of this variable [Open Group 04].

Risk Assessment

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ENV03-A | 2 (high) | 2 (probable) | 2 (medium) | P8 | L2 |

References

[ISO/IEC 9899-1999] Section 7.20.4, "Communication with the environment"

[Open Group 04] Chapter 8, "Environment Variables"

[Wheeler 03] Section 5.2, "Environment Variables", http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/environment-variables.html

[Viega 03] Section 1.1, "Sanitizing the Environment"