...
- drop privileges once they are no longer necessary (see POS02-A. Follow the principle of least privilege)
- avoid calling system() (see ENV04-A. Do not call system() if you do not need a command processor)
- clear the environment and fill it with trusted or default values (see
This rule is a more specific instance of STR02-A. Sanitize data passed to complex subsystems
...
Because the C99 standard states that "The set of environment names and the method for altering the environment list are implementation-defined," it is important to understand what local functions are available for clearing, modifying, and looking up default values for environment variables. Because some programs may behave in unexpected ways when certain environment variables are not set, it is also important to understand which variables are necessary on your system and which values are safe for them.
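The clear-and-refill step described above, as an added example that is not code from the CERT page: instead of relying on an implementation-defined way to clear the inherited environment, build a minimal one from trusted defaults plus an allow-list of pass-through variables, and hand that array to execve rather than the process's own environ. The ALLOWED and DEFAULTS tables, the character check in value_is_safe, and the function names are assumptions to be tuned to what the child program actually needs on a given system.

```c
#include <ctype.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
extern char **environ;
/* Hypothetical allow-list of variables the child may inherit from us ("KEY=" prefixes). */
static const char *const ALLOWED[] = { "TZ=", "LANG=", "LC_ALL=", NULL };
/* Trusted defaults that are always set, whatever the caller had. */
static const char *const DEFAULTS[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Accept only conservative characters in pass-through values (assumed policy). */
static int value_is_safe(const char *v) {
    for (; *v; v++)
        if (!isalnum((unsigned char)*v) && !strchr("_-./:+@", *v)) return 0;
    return 1;
}

static const char *allowed_value(const char *entry) { /* value if key is listed */
    for (size_t a = 0; ALLOWED[a]; a++)
        if (!strncmp(entry, ALLOWED[a], strlen(ALLOWED[a]))) return entry + strlen(ALLOWED[a]);
    return NULL;
}

/* Fill out[] (max slots, NULL-terminated) with DEFAULTS plus allow-listed src_env entries
 * whose values pass value_is_safe. Entries alias their source; nothing is allocated.
 * Returns the entry count, or -1 if out[] is too small. */
int build_safe_env(char *const *src_env, char **out, size_t max) {
    size_t n = 0;
    for (size_t i = 0; DEFAULTS[i]; i++) {
        if (n + 1 >= max) return -1;
        out[n++] = (char *)DEFAULTS[i];
    }
    for (size_t i = 0; src_env && src_env[i]; i++) {
        const char *val = allowed_value(src_env[i]);
        if (!val || !value_is_safe(val)) continue;  /* unlisted or unsafe: drop */
        if (n + 1 >= max) return -1;
        out[n++] = src_env[i];
    }
    out[n] = NULL;
    return (int)n;
}

/* Run prog with the sanitized environment instead of environ; returns wait status or -1. */
int run_sanitized(const char *prog, char *const argv[]) {
    char *envp[16]; int status;
    if (build_safe_env(environ, envp, 16) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execve(prog, argv, envp); _exit(127); }
    return waitpid(pid, &status, 0) < 0 ? -1 : status;
}
```

Note that a variable absent from the child's environment can still change its behaviour, which is why the defaults list exists: add to it whatever the specific child needs, with values you have verified on your system.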
...