Re: [suse-security] privacy of environment variables
Bob Vickers wrote:
> I have a question about privacy of environment variables. I was always
> brought up to believe that you must never store passwords or other
> sensitive information in environment variables, because the environment is
> visible to other users. This is certainly true on older Unix systems.
>
> But a colleague did some experiments (on SuSE 9.3) and found that ps only
> displays the environment for processes you own, which seems very sensible.
> Likewise /proc/pid/environ is only readable by the owner (or by root, of
> course).
>
> Now I don't want to rely on experiments, because there may be some other
> mechanism I haven't thought of. Can anyone point me to some authoritative
> information about the privacy of environment variables on modern Linux
> systems?
I don't have any link at hand that could be considered authoritative
but your colleague's observation is correct. Relying on a
protected environment is not portable though and therefore not
considered the best solution for passing sensitive data.
> The reason I ask is that my colleague is writing a script which will run
> rpcclient and smbclient. One option would be to use Expect, but
> environment variables are a much cleaner and simpler solution providing
> they are safe.
smbclient has an option that tells it to read credentials from a
file.
cu
Ludwig
--
(o_ Ludwig Nussel
//\ SUSE LINUX Products GmbH, Development
V_/_ http://www.suse.de/
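
Added example, not part of the original message: a shell sketch of the credentials-file approach for a script like the one described, plus a runtime check of the /proc environ permissions instead of assuming them. The message does not name the option; smbclient(1) and rpcclient(1) document it as -A / --authentication-file with the three-line format written below. The function names, the temp-file prefix and the server/share in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example; file_mode, environ_is_private and write_auth_file are
# hypothetical helper names, not part of Samba or of the original post.

# Symbolic permission bits of a path, e.g. "-rw-------".
file_mode() {
    ls -ld -- "$1" | cut -c1-10
}

# 0 if this shell's /proc environ grants nothing to group/other, 1 if it
# does, 2 if there is no readable procfs entry to inspect (non-Linux).
environ_is_private() {
    [ -r "/proc/$$/environ" ] || return 2
    case $(file_mode "/proc/$$/environ") in
        ????------) return 0 ;;
        *) return 1 ;;
    esac
}

# write_auth_file USER DOMAIN
# Reads the password from stdin (not argv, which ps shows to other users),
# writes an owner-only credentials file and prints its path.
write_auth_file() {
    user=$1 domain=$2
    old_umask=$(umask)
    umask 077                          # owner-only from the moment of creation
    path=$(mktemp "${TMPDIR:-/tmp}/smbauth.XXXXXX") || { umask "$old_umask"; return 1; }
    umask "$old_umask"
    # Accept a final line without newline; fail on empty input.
    IFS= read -r password || [ -n "$password" ] || { rm -f -- "$path"; return 1; }
    printf 'username = %s\npassword = %s\ndomain = %s\n' \
        "$user" "$password" "$domain" > "$path"
    unset password
    # Refuse to hand out a file that is not owner read/write only.
    [ "$(file_mode "$path")" = "-rw-------" ] || { rm -f -- "$path"; return 1; }
    printf '%s\n' "$path"
}

# Typical use (server and share are placeholders):
#   auth=$(write_auth_file "$user" "$domain") || exit 1
#   smbclient -A "$auth" //server/share -c 'ls'
#   rm -f -- "$auth"
```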