Re: Environment-variable security?


 



On Tue, 13 Nov 2018, David Parsley wrote:
> I already scrub the environment when executing external scripts, and I've
> found that even after os.Unsetenv(...) the full environment is available to
> all processes owned by the robot in /proc/<pid>/environ.

I'm a bit hesitant to enter this already-too-heated discussion, but I 
think this point here is important.

Yes, a process can clear or sanitize its environment, and once that 
is done you can be confident the variables won't be propagated to child 
processes. It is important that this be done as early as possible, of 
course.

But this sanitization does not necessarily clean up the _original_ 
environment passed in from the kernel, and this memory is still readable 
to other processes running as that user through that /proc/$pid/environ 
file. Certainly, glibc's environment-manipulation functions (i.e. 
setenv(3), putenv(3), unsetenv(3) and clearenv(3)) do not overwrite it.

If a process wants to hide this content, it needs to explicitly overwrite 
this memory or change its address range using prctl(2). Maybe you can 
investigate whether this is possible in Python.
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
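
The behaviour described in the message above, as an added C example (not part of the original post and not systemd code): it re-executes itself with a secret in the initial environment, calls unsetenv(3), checks /proc/self/environ, then overwrites the original string in place and checks again. It assumes Linux with /proc mounted and glibc 2.25 or later; `DEMO_TOKEN`, its value and the function names are constructed for illustration, and only the overwrite option is shown, not the prctl(2) one.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define VAR "DEMO_TOKEN"               /* hypothetical variable name */
#define VAL "constructed-secret-value" /* constructed sample secret */

/* 1 if VAL appears in /proc/self/environ, 0 if not, -1 on error. */
static int secret_in_proc_environ(void) {
    static char buf[1 << 20];
    size_t total = 0; ssize_t n;
    int fd = open("/proc/self/environ", O_RDONLY);
    if (fd < 0) return -1;
    while (total < sizeof buf && (n = read(fd, buf + total, sizeof buf - total)) > 0)
        total += (size_t)n;
    close(fd);
    return memmem(buf, total, VAL, strlen(VAL)) != NULL;
}

/* Bit 0: exposed after unsetenv(3). Bit 1: exposed after the wipe. Re-executes this binary. */
int environ_leak_demo(void) {
    char *orig = getenv(VAR); /* points into the block the kernel set up at exec */
    if (orig) {               /* we are the re-exec'd child: probe and report */
        int r = 0; size_t len = strlen(orig);
        unsetenv(VAR);        /* drops the pointer from environ, not the bytes */
        if (secret_in_proc_environ() == 1) r |= 1;
        explicit_bzero(orig, len); /* overwrite the original value in place */
        if (secret_in_proc_environ() != 0) r |= 2;
        _exit(r);
    }
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {           /* child: exec ourselves with the secret in envp */
        char *argv[] = {"demo", NULL}, *envp[] = {VAR "=" VAL, NULL};
        execve("/proc/self/exe", argv, envp);
        _exit(127);
    }
    int st = 0;
    return (waitpid(pid, &st, 0) == pid && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}

int main(void) {
    int r = environ_leak_demo();
    printf("exposed after unsetenv: %d, after wipe: %d\n", r & 1, (r >> 1) & 1);
    return r != 1;
}
```

A result of 1 means the value was still readable through /proc after unsetenv(3) and no longer readable after the in-place overwrite; the wipe here clears only the value bytes, so the variable name stays visible.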



