Entire process's environment attached to bugzillas by ABRT
Richard W.M. Jones
rjones at redhat.com
Mon Dec 1 08:59:41 UTC 2014
On Sun, Nov 30, 2014 at 08:29:27PM -0500, Rahul Sundaram wrote:
> On Sun, Nov 30, 2014 at 1:36 PM, Lars Seipel wrote:
> > There's also OpenNebula (^ONE_) and Vmware (^VI_) doing the same. Seems
> > to be pretty common with virt and cloud stuff. Apart from that I can't
> > think of anything else right now.
> Rackspace, DigitalOcean, Google Computing Engine etc have API info
> potentially exported in the environment as well. This is going to be quite
> tedious to filter out but just in case you want to blacklist them, you
> want to blacklist the following
It looks like they inherited this habit from Amazon ...
For the avoidance of doubt, putting authentication information into
the environment is a bad, insecure practice. Any other local user can
immediately see it using 'ps axewwww'.
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
More information about the devel