Are my environment variables safe for other users on the system?

Question

Are my environment variables safe for other users on the system?

I hope the system does not matter as long as it is current, but I am using Ubuntu 11.10 server. Is there any way for any user y to see user environment x variables? In other words, is it safe to store the password in an environment variable during script installation - assuming that the user running the software is allowed to know it?

+4

security linux shell

Lactose Feb 09 '12 at 21:45

source share

2 answers

As far as I know, you can write passwords stored in memory using a memory dump. To minimize risks, password management tools overwrite memory (i.e., clipboard) after a few seconds.

Edit: Search the web I found an example of this technique in ubuntu here .

0

jcollado Feb 09 '12 at 21:53

source share

mikithskegg · Accepted Answer · 2012-02-09T21:51:16+0000

You can access environment variables reading the file /proc/*PID*/environ . But he has the same powers as the process to which he belongs.

Are my environment variables safe for other users on the system?

More articles: