Entire process's environment attached to bugzillas by ABRT

Richard W.M. Jones rjones at redhat.com
Mon Dec 1 08:59:41 UTC 2014


On Sun, Nov 30, 2014 at 08:29:27PM -0500, Rahul Sundaram wrote:
> Hi
> 
> On Sun, Nov 30, 2014 at 1:36 PM, Lars Seipel  wrote:
> >
> >
> > There's also OpenNebula (^ONE_) and Vmware (^VI_) doing the same. Seems
> > to be pretty common with virt and cloud stuff. Apart from that I can't
> > think of anything else right now.
> 
> 
> Rackspace, DigitalOcean,  Google Computing Engine etc have API info
> potentially exported in the environment as well.  This is going to be quite
> tedious to filter out but just in case you want to blacklist them,  you
> want to blacklist the following
> 
> NOVA_*
> DO_*
> APPID_*

It looks like they inherited this habit from Amazon ...

For the avoidance of doubt, putting authentication information into
the environment is a bad, insecure practice.  Any other local user can
immediately see it using 'ps axewwww'.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top


More information about the devel mailing list