SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 57

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 58

changes.mady.by.user Geoff Clare

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Removed reference to POSIX.9 (which is for Fortran)

...

Because the C99 standard states that "The set of environment names and the method for altering the environment list are implementation-defined." It is important to understand what local functions are available for clearing, modifying, and looking up default values for environment variables. Because some programs may behave in unexpected ways when certain environment variables are not set, it is important to understand which variables are necessary on your system and what are safe values for them.

The POSIX.9 non-standard function clearenv() may be used to clear out the environment , or where not available, setting environ to NULL should accomplish the same effectotherwise it can be cleared by obtaining a list of environment variable names from environ and removing each one using unsetenv().

Wiki Markup
POSIX also specifies the {{confstr()}} function which can then be used to look up default values for environment variables \[[Open Group 04|AA. C References#Open Group 04]\]. POSIX.1-2008 defines a new {{\_CS_V7_ENV}} argument to {{confstr()}} to retrieve a list of environment variable settings required for a default conforming environment \[[Austin Group 08|AA. C References#Austin Group 08]\]. A space-separated list of variable=value pairs is returned, with variable names guaranteed not to contain = signs, and variable=value pairs guaranteed not to contain spaces. Used together with the {{\_CS_PATH}} request illustrated above, this completely describes the minimum environment variable settings required to obtain a clean conforming environment. On systems conforming to the POSIX.1-2008 standard, this should be used to create a sanitized environment.

...

Wiki Markup
\[[Austin Group 08|AA. C References#Austin Group 08]\] vol. 2, System Interfaces, {{confstr()}}
\[[CA-1995-14|http://www.cert.org/advisories/CA-1995-14.html]\] "Telnetd Environment Vulnerability" 
\[[Dowd 06|AA. C References#Dowd 06]\] Chapter 10, "UNIX II: Processes"
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.4, "Communication with the environment"
\[[Open Group 04|AA. C References#Open Group 04]\] Chapter 8, "Environment Variables", [{{confstr()}}|http://www.opengroup.org/onlinepubs/009695399/functions/confstr.html]
\[[Viega 03|AA. C References#Viega 03]\] Section 1.1, "Sanitizing the Environment"
\[[Wheeler 03|AA. C References#Wheeler 03]\] [Section 5.2, "Environment Variables"|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/environment-variables.html]

...