[metadata]
id = "ENV03-C"
type = "recommendation"
category = "ENV"
number = 3
title = "Sanitize the environment when invoking external programs"
description = """
Many programs and libraries, including the shared library loader on both UNIX
and Windows systems, depend on environment variable settings. Because
environment variables are inherited from the parent process when a program is
executed, an attacker can easily sabotage variables, causing a program to behave
in an unexpected and insecure manner [Viega 2003]. All programs, particularly
those running with higher privileges than the caller (such as those
withsetuid/setgidflags), should treat their environment as untrusted user input.
Because the environment is inherited by processes spawned by calls to
thefork(),system(), orexec()functions, it is important to verify that the
environment does not contain any values that can lead to unexpected behavior.
The best practice for such programs is to
"""
severity = "High"
likelihood = "Likely"
priority = "P9"
level = "L2"
cert_version = "2016 Edition (Wiki)"
last_modified = "May 20, 2025"
[rules.cert_c.ENV03-C]
enabled = true
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/ENV03-C.+Sanitize+the+environment+when+invoking+external+programs"
cwe = ["CWE-78", "CWE-88", "CWE-426", "CWE-471", "CWE-807"]