Linux Security – Are Environment Variables Visible to Unprivileged Users?


I'm trying to determine if, in Linux, environment variables for a process are observable by other (non-root) users.

The immediate use case is putting secrets into environment variables. This is discussed in many places throughout the web as being insecure, but I haven't been able to zero in on the exact exposure point in Linux.

Note that I am not talking about putting cleartext secrets into files. Also note that I am not talking about exposure to the root account (I view attempting to hide secrets from an adversary with root as a nonstarter).

This question appears to address mine, with comments that classify environment variables as being completely without security, or only simply being obfuscated, but how does one access them?

In my tests one unprivileged user can't observe environment variables for another user through the process table ('ps auxwwe'). The commands that set environment variables (e.g. export) are shell builtins which don't make it onto the process table and by extension aren't in /proc/$pid/cmdline. /proc/$pid/environ is only readable by the UID of the process owner.

Perhaps the confusion is between different operating systems or versions. Various (recent) sources across the web decry the insecurity of environment variables, but my spot-checking of different Linux versions seems to indicate that this isn't possible going back at least to 2007 (probably further but I don't have boxes on hand to test).

In Linux, how can a non-privileged user observe environment variables for another's processes?

Best Answer

As Gilles explained in a very comprehensive answer to a similar question on security.stackexchange.com, process environments are only accessible to the user that owns the process (and root of course).
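The permission difference discussed above (/proc/$pid/environ restricted to the owner, /proc/$pid/cmdline not) can be checked directly. The following is an added example, not code from the question or the answer; the function names and the proc_root parameter are assumptions made so the check can also be run against a constructed directory tree.

```python
import os
import stat
import sys


def proc_exposure(pid, proc_root="/proc"):
    """Report who may read <proc_root>/<pid>/environ and .../cmdline.

    proc_root is a parameter (an assumption of this example) so the check
    can also be pointed at a constructed directory tree for testing.
    """
    report = {}
    for name in ("environ", "cmdline"):
        path = os.path.join(proc_root, str(pid), name)
        st = os.stat(path)
        try:
            # Read one byte only: proves access without printing any secret.
            # On a real /proc the kernel also applies a ptrace-style access
            # check here, so this is a truer test than the mode bits alone.
            with open(path, "rb") as fh:
                fh.read(1)
            readable = True
        except OSError:
            readable = False
        report[name] = {
            "owner_uid": st.st_uid,
            "mode": stat.S_IMODE(st.st_mode),
            "group_or_other_read": bool(st.st_mode & (stat.S_IRGRP | stat.S_IROTH)),
            "readable_by_me": readable,
        }
    return report


def environ_is_private(pid, proc_root="/proc"):
    """True when only the owning UID has read permission on environ."""
    return not proc_exposure(pid, proc_root)["environ"]["group_or_other_read"]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.getpid()
    for name, facts in proc_exposure(target).items():
        print(f"{name}: mode={facts['mode']:04o} uid={facts['owner_uid']} "
              f"group/other read={facts['group_or_other_read']} "
              f"readable by uid {os.geteuid()}={facts['readable_by_me']}")
```

Run it as an unprivileged user with the PID of another user's process as the argument: cmdline should be reported as readable and environ as not readable.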