man: document preference for secure_getenv() in coding style

(cherry picked from commit c9b477415a6293b74df67c8118bafb0ef8662819) (cherry picked from commit 1f0d68c6e9dc7cc9bd14f47d03eec10389e2c845)
2025-03-12 08:58:20 +03:00 · 2024-10-14 11:55:59 +02:00 · 2024-10-14 11:55:59 +02:00 · 833a89efc7
commit 833a89efc7
parent f4206ba15c
1 changed files with 8 additions and 0 deletions
--- a/docs/CODING_STYLE.md
+++ b/docs/CODING_STYLE.md
@ -557,6 +557,14 @@ SPDX-License-Identifier: LGPL-2.1-or-later
  important for objects that unprivileged users may allocate, but also matters
  for everything else any user may allocate.

+- Please use `secure_getenv()` for all environment variable accesses, unless
+  it's clear that `getenv()` would be the better choice. This matters in
+  particular in `src/basic/` and `src/shared/` (i.e. library code that might
+  end up in unexpected processes), but should be followed everywhere else too
+  (in order to make it unproblematic to move code around). To say this clearly:
+  the default should be `secure_getenv()`, the exception should be regular
+  `getenv()`.
+
 ## Types

 - Think about the types you use. If a value cannot sensibly be negative, do not