Are environment variables visible to unprivileged users on Linux?
As Gilles explained in a very comprehensive answer to a similar question on security.stackexchange.com, process environments are only accessible to the user that owns the process (and root of course).
Environment variables are plenty secure. What the question you linked to is saying is that if the system is compromised, the only security benefit of using environment variables over a configuration file is obscurity. Meaning that if someone has gained root access, they can get to both.
Whether using environment variables for secret data is considered 'obscure' is also debatable. This is a very common practice, and therefore I would not consider it such.
You can only access the data stored in an environment variable in 2 places:
1. The running environment of the process
When the process is running, the environment variables of that process can be accessed through /proc/$PID/environ. However, only the user who owns the process, or root, can access that file.
2. The source of the environment variables
If you're using an init script, and the variables are stored in that init script, the variables can of course be obtained by reading that script.
Or if the environment variables are coming from somewhere else, then wherever that is.
3. 'ps' output
Yeah, I know I said 2, and in any decent system, it will be 2. However if the admin doesn't know what he's doing, it's possible to open up a 3rd avenue.
If the process is launched via something like sh -c 'cd /foo/bar; POP=tart /my/executable', then that sh process will be visible in ps:
$ sh -c 'cd /; POP=tart sleep 10' &
[1] 3085
$ ps ax | grep POP
phemmer 3085 14 5 0.0 0.0 SN 00:00 sh -c cd /; POP=tart sleep 10
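
The difference between the owner-only environ file and the ps-visible command line described above, as an added example that is not part of the original answer. It assumes Linux with /proc mounted; the helper names and the trailing `:` in the wrapper are additions made for this illustration.

```shell
#!/bin/sh
# Added example, Linux only (needs /proc). POP=tart is the answer's sample
# value; the helper names below are made up for this illustration.

# Octal permission bits of /proc/<pid>/<file>.
proc_mode() { stat -c '%a' "/proc/$1/$2"; }

# True if <text> shows up in the argv of <pid> (the data ps prints).
in_cmdline() { tr '\0' ' ' < "/proc/$1/cmdline" | grep -q -- "$2"; }

# True if the exact entry NAME=value is in the environment of <pid>.
in_environ() { tr '\0' '\n' < "/proc/$1/environ" | grep -qx -- "$2"; }

demo() {
    # Case 1: variable set directly on the command; it never enters argv.
    POP=tart sleep 5 >/dev/null 2>&1 &
    direct=$!
    # Case 2: the answer's sh -c wrapper. The trailing ':' is an addition so
    # that shells which exec the last command in place keep the sh process.
    sh -c 'cd /; POP=tart sleep 5; :' >/dev/null 2>&1 &
    wrapped=$!
    sleep 1   # let both children finish exec before inspecting /proc

    environ_mode=$(proc_mode "$direct" environ)
    cmdline_mode=$(proc_mode "$direct" cmdline)
    if in_environ "$direct" POP=tart; then direct_env=yes; else direct_env=no; fi
    if in_cmdline "$direct" POP=tart; then direct_argv=yes; else direct_argv=no; fi
    if in_cmdline "$wrapped" POP=tart; then wrapped_argv=yes; else wrapped_argv=no; fi
    kill "$direct" "$wrapped" 2>/dev/null || true

    echo "environ mode=$environ_mode  cmdline mode=$cmdline_mode"
    echo "direct:  in environ=$direct_env  in argv=$direct_argv"
    echo "wrapped: in argv=$wrapped_argv"
}

demo
```

On a stock Linux kernel the modes print as 400 for environ and 444 for cmdline, which is why the wrapped form shows up in ps for every user while the direct form does not.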