Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

10. Environment (ENV)

Created by Robert Seacord, last modified by Robert Seacord (Manager) on May 30, 2008

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Recommendations

ENV00-A. Do not store the pointer to the string returned by getenv()

ENV01-A. Do not make assumptions about the size of an environment variable

ENV02-A. Beware of multiple environment variables with the same name

ENV03-A. Sanitize the environment before invoking external programs

ENV04-A. Do not call system() if you do not need a command processor

Rules

ENV30-C. Do not modify the string returned by getenv()

ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it

ENV32-C. No atexit handler should terminate in any way other than by returning

ENV33-C. Do not call the longjmp function to terminate a call to a function registered by atexit()

Risk Assessment Summary

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
ENV00-A	low	unlikely	medium	P2	L3
ENV01-A	high	unlikely	low	P9	L2
ENV02-A	medium	unlikely	low	P6	L2
ENV03-A	medium	probable	medium	P8	L2
ENV04-A	high	probable	medium	P12	L1

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
ENV30-C	low	unlikely	low	P3	L3
ENV31-C	low	unlikely	low	P3	L3
ENV32-C	low	unlikely	low	P3	L3
ENV33-C	low	unlikely	low	P3	L3

Related Rules and Recommendations

DUMMY ENV03-J

ENV00-J. Do not sign code that performs only unprivileged operations

ENV01-C. Do not make assumptions about the size of an environment variable

ENV01-J. Place all security-sensitive code in a single JAR and sign and seal it

ENV02-C. Beware of multiple environment variables with the same effective name

ENV02-J. Do not trust the values of environment variables

ENV03-C. Sanitize the environment when invoking external programs

ENV03-J. Do not grant dangerous combinations of permissions

ENV04-J. Do not disable bytecode verification

ENV05-J. Do not deploy an application that can be remotely monitored

ENV06-J. Production code must not contain debugging entry points

ENV30-C. Do not modify the object referenced by the return value of certain functions

ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it

ENV32-C. All exit handlers must return normally

ENV33-C. Do not call system()

ENV34-C. Do not store pointers returned by certain functions

Rec. 10. Environment (ENV)

Rec. 10. Environment (ENV)

Rule 10. Environment (ENV)

Rule 10. Environment (ENV)

Rule 16. Runtime Environment (ENV)

09. Input Output (FIO) ENV00-A. Do not store the pointer to the string returned by getenv()

No labels