Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

...

POSIX also specifies the confstr() function, which can be used to look up default values for environment variables [IEEE Std 1003.1:2013]. POSIX.1-2008 defines a new  The _CS_V7_ENV argument to confstr() to retrieve retrieves a list of environment variable settings required for a default conforming environment [Austin Group 2008IEEE Std 1003.1:2013]. A space-separated list of variable=value pairs is returned, with variable names guaranteed not to contain equal signs (=), and variable=value pairs guaranteed not to contain spaces. Used together with the _CS_PATH request, this completely describes the minimum environment variable settings required to obtain a clean, conforming environment. On systems conforming to the POSIX.1-2008 standard, this should be used to create a sanitized environment.

...

There is no portable or guaranteed way to clear out the environment under Windows. Following ENV04ENV33-C. Do not call system() if you do not need a command processor, care should be taken to use _execle(), _execlpe(), _execve(), or _execvpe() instead of system(), because they allow the environment to be explicitly specified.

...

Invoking an external program in an attacker-controlled environment is inherently dangerous.

Recommendation

Severity

Likelihood

Detectable

Remediation Cost

Repairable

Priority

Level

ENV03-C

High

Likely

No

High

No

P9

L2

Automated Detection

Tool

Version

Checker

Description

PRQA QA-C

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C5017
LDRA tool suite
Include Page
PRQA
LDRA_V
PRQA
LDRA_V
warncall -wc system
588 SPartially implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++
Secure
Coding Standard
ENV03
VOID ENV01-CPP. Sanitize the environment when invoking external programs
CERT Oracle Secure Coding Standard for JavaIDS07-J.
Do not pass
Sanitize untrusted
, unsanitized
data passed to the Runtime.exec() method
ISO/IEC TR 24772:2013Executing or Loading Untrusted Code [XYS]
MITRE CWECWE-78, Failure to sanitize data into an OS command (aka "OS command injection")
CWE-88, Argument injection or modification
CWE-426, Untrusted search path
CWE-471, Modification of Assumed-Immutable Data (MAID)
CWE-807, Reliance on intrusted inputs in a security decision

Bibliography

...

[CA-1995-14]"Telnetd Environment Vulnerability"
[Dowd 2006]Chapter 10, "UNIX II: Processes"
[IEEE Std 1003.1:2013]Chapter 8, "Environment Variables"
XSH, System Interfaces, confstr
[ISO/IEC 9899:2011]Subclause 7.22.4, "Communication with the Environment"
[Viega 2003]Section 1.1, "Sanitizing the Environment"
[Wheeler 2003]Section 5.2, "Environment Variables"

...


...

Image Modified Image Modified Image Modified