On 18 February 2016 at 21:34, Matt Zimmerman <[email protected]> wrote:
> Thanks for following up. My recommendation is to say something like:
>
> This function DOES NOT securely erase the contents of the environment.
> Security-conscious applications which need to do this should use ....
> instead.
So, I think this report is a little confused, but mainly because of
the poor description in the man page.
The security-conscious applications in this context are those that
want to precisely control the environment passed to an exec()ed
program. clearenv() cannot, indeed must not, try to erase the buffers
containing the environment definitions. (See putenv(3) to understand
why.) I've adjusted the man page in away that I hope explains things
better:
The clearenv() function may be useful in security-conscious
applications that want to precisely control the environment that
is passed to programs executed using exec(3). The application
would do this by first clearing the environment and then adding
select environment variables.
Note that the main effect of clearenv() is to adjust the value of
the pointer environ(7); this function does not erase the contents
of the buffers containing the environment definitions.
Cheers,
Michael
