In typical Linux setups, cmdline is world-readable, but environ is not. So you n... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

zokier on April 1, 2021 | parent | context | favorite | on: Don’t use environment variables for configuration

In typical Linux setups, cmdline is world-readable, but environ is not. So you never should put secrets in cmdline, but they are ok to be in environ. And that is pretty much the only difference between the two.

icedchai on April 1, 2021 [–]

The environment is inherited by child processes. I think that is a very important difference.

zokier on April 1, 2021 | [–]

Of the relevant Linux syscalls neither fork or clone touch argv or environ at all, on the other hand execve requires passing both argv and envp explicitly

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact