From c9b477415a6293b74df67c8118bafb0ef8662819 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 14 Oct 2024 11:55:59 +0200 Subject: man: document preference for secure_getenv() in coding style --- docs/CODING_STYLE.md | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'docs') diff --git a/docs/CODING_STYLE.md b/docs/CODING_STYLE.md index 82ed0a553c..48fa4b093d 100644 --- a/docs/CODING_STYLE.md +++ b/docs/CODING_STYLE.md @@ -591,6 +591,14 @@ SPDX-License-Identifier: LGPL-2.1-or-later important for objects that unprivileged users may allocate, but also matters for everything else any user may allocate. +- Please use `secure_getenv()` for all environment variable accesses, unless + it's clear that `getenv()` would be the better choice. This matters in + particular in `src/basic/` and `src/shared/` (i.e. library code that might + end up in unexpected processes), but should be followed everywhere else too + (in order to make it unproblematic to move code around). To say this clearly: + the default should be `secure_getenv()`, the exception should be regular + `getenv()`. + ## Types - Think about the types you use. If a value cannot sensibly be negative, do not -- cgit v1.2.3
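Review bot: The new bullet in docs/CODING_STYLE.md states the rule ("the default should be `secure_getenv()`") but not the reason, and "unless it's clear that `getenv()` would be the better choice" gives a contributor no criterion for the exception. Suggest adding one sentence of rationale right after the first sentence, e.g. that `secure_getenv()` returns NULL when the process runs in secure-execution mode (AT_SECURE: set-user-ID, set-group-ID or elevated capabilities), so library code in `src/basic/` and `src/shared/` does not act on an environment the caller's unprivileged invoker controls, and one sentence naming when plain `getenv()` is acceptable (a variable that must be honoured even in such a process, with the reason recorded in a comment at the call site). Since the rule is meant to be enforceable, it would also help to say whether existing `getenv()` calls are expected to be converted or only new code is covered.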