From: Lennart Poettering Date: Mon, 14 Oct 2024 09:55:59 +0000 (+0200) Subject: man: document preference for secure_getenv() in coding style X-Git-Tag: v257-rc1~235 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c9b477415a6293b74df67c8118bafb0ef8662819;p=thirdparty%2Fsystemd.git man: document preference for secure_getenv() in coding style --- diff --git a/docs/CODING_STYLE.md b/docs/CODING_STYLE.md index 82ed0a553c6..48fa4b093d0 100644 --- a/docs/CODING_STYLE.md +++ b/docs/CODING_STYLE.md @@ -591,6 +591,14 @@ SPDX-License-Identifier: LGPL-2.1-or-later important for objects that unprivileged users may allocate, but also matters for everything else any user may allocate. +- Please use `secure_getenv()` for all environment variable accesses, unless + it's clear that `getenv()` would be the better choice. This matters in + particular in `src/basic/` and `src/shared/` (i.e. library code that might + end up in unexpected processes), but should be followed everywhere else too + (in order to make it unproblematic to move code around). To say this clearly: + the default should be `secure_getenv()`, the exception should be regular + `getenv()`. + ## Types - Think about the types you use. If a value cannot sensibly be negative, do not
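Review bot: In the added `secure_getenv()` bullet, the exception "unless it's clear that `getenv()` would be the better choice" gives no criterion, and the bullet never states what `secure_getenv()` protects against, so a contributor cannot tell when the exception applies. Suggest adding one sentence of rationale (glibc's `secure_getenv()` returns NULL when the process runs in secure-execution mode, for example a set-user-ID or set-group-ID program, so library code in `src/basic/` and `src/shared/` does not act on environment variables supplied by a less privileged caller) and naming at least one case where plain `getenv()` is the intended choice. Separately, the subject prefix is `man:` while the only file touched is `docs/CODING_STYLE.md`; a `docs:` prefix would match the path.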