important for objects that unprivileged users may allocate, but also matters
for everything else any user may allocate.
+- Please use `secure_getenv()` for all environment variable accesses, unless
+ it's clear that `getenv()` would be the better choice. This matters in
+ particular in `src/basic/` and `src/shared/` (i.e. library code that might
+ end up in unexpected processes), but should be followed everywhere else too
+ (in order to make it unproblematic to move code around). To say this clearly:
+ the default should be `secure_getenv()`, the exception should be regular
+ `getenv()`.
+
## Types
- Think about the types you use. If a value cannot sensibly be negative, do not
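Review bot: the new bullet gives the rule but not its rationale, so "unless it's clear that `getenv()` would be the better choice" leaves the reader without a criterion for the exception. Consider adding one sentence after "`getenv()`." stating why the default is `secure_getenv()`: it returns NULL when the process runs in secure-execution mode (AT_SECURE, i.e. setuid/setgid or file-capability executables), so an attacker-controlled environment cannot steer library code that happens to be linked into a privileged process; then name the legitimate exception, e.g. a variable that is part of a tool's documented interface and is only honoured in its own `main()` after it has been established that the process is not privileged. Minor: the last sentence ("To say this clearly: the default should be `secure_getenv()`, the exception should be regular `getenv()`.") restates the first; dropping it, or folding the rationale into its place, would keep the bullet as tight as its neighbours.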