Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

10. Environment (ENV)

Created by Robert Seacord, last modified by Kazunori Takeuchi on Nov 05, 2009

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Recommendations

ENV00-C. Do not store the pointer to the string returned by getenv()

ENV01-C. Do not make assumptions about the size of an environment variable

ENV02-C. Beware of multiple environment variables with the same effective name

ENV03-C. Sanitize the environment when invoking external programs

ENV04-C. Do not call system() if you do not need a command processor

Rules

ENV30-C. Do not modify the object pointed to by the return value of functions that gives environmental setting

ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it

ENV32-C. All atexit handlers must return normally

Risk Assessment Summary

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
ENV00-C	low	probable	medium	P4	L3
ENV01-C	high	likely	medium	P18	L1
ENV02-C	low	unlikely	medium	P2	L3
ENV03-C	high	likely	high	P9	L2
ENV04-C	high	probable	medium	P12	L1

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
ENV30-C	low	probable	medium	P4	L3
ENV31-C	low	probable	medium	P4	L3
ENV32-C	medium	likely	medium	P12	L1

Related Rules and Recommendations

DUMMY ENV03-J

ENV00-J. Do not sign code that performs only unprivileged operations

ENV01-C. Do not make assumptions about the size of an environment variable

ENV01-J. Place all security-sensitive code in a single JAR and sign and seal it

ENV02-C. Beware of multiple environment variables with the same effective name

ENV02-J. Do not trust the values of environment variables

ENV03-C. Sanitize the environment when invoking external programs

ENV03-J. Do not grant dangerous combinations of permissions

ENV04-J. Do not disable bytecode verification

ENV05-J. Do not deploy an application that can be remotely monitored

ENV06-J. Production code must not contain debugging entry points

ENV30-C. Do not modify the object referenced by the return value of certain functions

ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it

ENV32-C. All exit handlers must return normally

ENV33-C. Do not call system()

ENV34-C. Do not store pointers returned by certain functions

Rec. 10. Environment (ENV)

Rec. 10. Environment (ENV)

Rule 10. Environment (ENV)

Rule 10. Environment (ENV)

Rule 16. Runtime Environment (ENV)

CERT C Secure Coding Standard ENV00-C. Do not store the pointer to the string returned by getenv()

No labels