...
POSIX also specifies the confstr() function, which can be used to look up default values for environment variables [Open Group 2004IEEE Std 1003.1:2013]. POSIX.1-2008 defines a new _CS_V7_ENV argument to confstr() to retrieve a list of environment variable settings required for a default conforming environment [Austin Group 2008]. A space-separated list of variable=value pairs is returned, with variable names guaranteed not to contain equal signs (=), and variable=value pairs guaranteed not to contain spaces. Used together with the _CS_PATH request, this completely describes the minimum environment variable settings required to obtain a clean, conforming environment. On systems conforming to the POSIX.1-2008 standard, this should be used to create a sanitized environment.
...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| PRQA QA-C |
| Warncall warncall -wc system | Partially implemented |
...
| [Austin Group 2008] | Vol. 2, System Interfaces, confstr() | ||
| [CA-1995-14] | "Telnetd Environment Vulnerability" | ||
| [Dowd 2006] | Chapter 10, "UNIX II: Processes" | ||
| [IEEE Std 1003.1:2013] | Chapter 8, "Environment Variables" XSH, System Interfaces, confstr | ||
| [ISO/IEC 9899:2011] | Subclause 7.22.4, "Communication with the Environment" | [Open Group 2004] | Chapter 8, "Environment Variables"confstr() |
| [Viega 2003] | Section 1.1, "Sanitizing the Environment" | ||
| [Wheeler 2003] | Section 5.2, "Environment Variables" |
...