[suse-security] privacy of environment variables

[Bob Vickers <bobv@xxxxxxxxxxxxx>]

I have a question about privacy of environment variables. I was always 
brought up to believe that you must never store passwords or other 
sensitive information in environment variables, because the environment is 
visible to other users. This is certainly true on older Unix systems.

But a colleague did some experiments (on SuSE 9.3) and found that ps only 
displays the environment for processes you own, which seems very sensible. 
Likewise /proc/pid/environ is only readable by the owner (or by root, of 
course).

Now I don't want to rely on experiments, because there may be some other 
mechanism I haven't thought of. Can anyone point me to some authoritative 
information about the privacy of environment variables on modern Linux 
systems?

The reason I ask is that my colleague is writing a script which will run 
rpcclient and smbclient. One option would be to use Expect, but 
environment variables are a much cleaner and simpler solution providing 
they are safe.

Many thanks,
Bob
==============================================================
Bob Vickers                     R.Vickers@xxxxxxxxxxxxx
Dept of Computer Science, Royal Holloway, University of London



-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here