Entire process's environment attached to bugzillas by ABRT

Lubomir Rintel lkundrak at v3.sk
Mon Dec 1 17:35:38 UTC 2014


On Mon, 2014-12-01 at 08:59 +0000, Richard W.M. Jones wrote:
> On Sun, Nov 30, 2014 at 08:29:27PM -0500, Rahul Sundaram wrote:
> > Hi
> > 
> > On Sun, Nov 30, 2014 at 1:36 PM, Lars Seipel  wrote:
> > >
> > >
> > > There's also OpenNebula (^ONE_) and Vmware (^VI_) doing the same. Seems
> > > to be pretty common with virt and cloud stuff. Apart from that I can't
> > > think of anything else right now.
> > 
> > 
> > Rackspace, DigitalOcean,  Google Computing Engine etc have API info
> > potentially exported in the environment as well.  This is going to be quite
> > tedious to filter out but just in case you want to blacklist them,  you
> > want to blacklist the following
> > 
> > NOVA_*
> > DO_*
> > APPID_*
> 
> It looks like they inherited this habit from Amazon ...
> 
> For the avoidance of doubt, putting authentication information into
> the environment is a bad, insecure practice.  Any other local user can
> immediately see it using 'ps axewwww'.

No, that's just your processes:

$ cat /proc/1/environ 
cat: /proc/1/environ: Permission denied
$

Lubo



More information about the devel mailing list