Re: [Fwd: Re: Clearing environ]

To:	Glenn Fowler <gsf@xxxxxxxxxxxxxxxx>
Subject:	Re: [Fwd: Re: Clearing environ]
From:	"Robert C. Seacord" <rcs@xxxxxxxx>
Date:	Fri, 01 Aug 2008 15:11:42 -0400
Cc:	austin-group-l@xxxxxxxxxxxxx, gwc@xxxxxxxxxxxxx
References:	<1217604384.26163.32.camel@xxxxxx> <200808011542.m71Fgc2p002689@xxxxxx> <20080801160715.GA14327@xxxxxx> <200808011654.m71GsV9i005409@xxxxxx> <20080801171355.GA15855@xxxxxx> <200808011753.m71HrjBf007690@xxxxxx>

Glenn,

Comments below.

On Fri, 1 Aug 2008 18:13:57 +0100 Geoff Clare wrote:

Glenn Fowler <gsf@xxxxxx> wrote, on 01 Aug 2008:

I saw that and believe that "compliant" and "if available"
are mutually exclusive, i.e., compliance should be w.r.t.
the standard and not the output of ./configure

I see what you mean. It does seem a little odd at first, but it
makes sense once you realise the heading "Compliant Solution" means
the code complies with the CERT C Secure Coding Standard, whereas
the "non-standard" label means the function is not in C99/POSIX.

thanks for clarifying the "compliant" and "non-standard" connections
I still don't buy it from a standards document though

is it wrong to think that "standard" obviates "./configure"?

in this case it is. first, The CERT C Secure Coding Standard is not a standard in the same sense that POSIX is a standard. that is, we are not trying to specify an operational environment, just trying to give platform and implementation-independent C coding guidance. in particular, the scope of this coding standard is C99. a more complete definition of the scope and rationale for the scope is available at:

https://www.securecoding.cert.org/confluence/display/seccode/Scope

in part, this page states:

Rules and recommendations included in this /CERT C Programming Language Secure Coding Standard/ are designed to be operating system and platform independent. However, the best solutions to secure coding problems are often platform specific. In most cases, this standard provides appropriate compliant solutions for POSIX-compliant and Windows operating systems.

Geoff Clare and Nick Stoughton (among others) have been contributed to this effort, so I think the document is "POSIX-friendly" but we are always interested in additional comments.

In this particular case, I agree with the concern that "non-standard" is rather ambiguous in this context. I went ahead and modified the text to state:

The clearenv() function (which is not defined by either C99 or POSIX) may be used to clear out the environment where available, otherwise it can be cleared by obtaining a list of environment variable names from environ and removing each one using unsetenv().

I would also be happy to add a fully-POSIX compliant solution, especially if someone could provide one. :-)

Thanks,
rcs

<Prev in Thread]	Current Thread	[Next in Thread>
[Fwd: Re: Clearing environ], Andrew Josey Re: [Fwd: Re: Clearing environ], Glenn Fowler Re: [Fwd: Re: Clearing environ], Geoff Clare Re: [Fwd: Re: Clearing environ], Glenn Fowler Re: [Fwd: Re: Clearing environ], Geoff Clare Re: [Fwd: Re: Clearing environ], Glenn Fowler Re: [Fwd: Re: Clearing environ], Robert C. Seacord <= wait() spec (SIGCHLD ignored), Michael Kerrisk Re: wait() spec (SIGCHLD ignored), Roland McGrath Re: wait() spec (SIGCHLD ignored), Michael Kerrisk Re: [Fwd: Re: Clearing environ], David-Sarah Hopwood

Previous by Date:	Re: [Fwd: Re: Clearing environ], Glenn Fowler
Next by Date:	Re: [Fwd: Re: Clearing environ], David-Sarah Hopwood
Previous by Thread:	Re: [Fwd: Re: Clearing environ], Glenn Fowler
Next by Thread:	wait() spec (SIGCHLD ignored), Michael Kerrisk
Indexes:	[Date] [Thread] [All Lists]