Hacker News new | past | comments | ask | show | jobs | submit login

File permissions allow finer granularity of access control. Environment variables are visible to any user in the system.



Not in any multi-user multi-process OS. You set environment variables in a process (ie. shell/CMD.EXE) and spawn child process (the program) from that parent. The environment variables will only be visible to those two processes.


Linux disagrees; try

    strings /proc/*/environ
to see for yourself.

On Solaris/SunOS, you could use `pargs -e $PID`. And so on.

Having separate UIDs to run your processes A and B under shields either one from peeking at the other's environment, though. UNIX DAC is simple and powerful enough for MOST security concerns, I would argue.


> Environment variables are visible to any user in the system.

This is completely false in any modern OS. You can only see environment variables of your own processes.


Unset them after right after evaluation.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: