1

Is it possible in Unix/Linux to access environment variable from another sessions. For instance

export MYPASSWORD = 'MySecretPassword"

would it be possible by another user on the same machine to access it?

From my understanding, the password will be as environment variable as long as the session is up.

Is having the password in script (program) a more secure option (first the program reads the password from the encrypted password store) ?

Alex
  • 412
  • 1
  • 8
  • 14
  • 1
    https://security.stackexchange.com/questions/14000/environment-variable-accessibility-in-linux Seems to answer your question extensively. To add to it - Someone with physical access to your system, or remote administrative access, can almost always dump your RAM and then pick through it for your environmental variables, including your password, but that's no less secure than having it in a script that gets loaded into memory. – Monica Apologists Get Out Nov 17 '17 at 17:04
  • Also [this](https://superuser.com/questions/708355/is-it-safe-to-store-critical-passwords-in-server-environment-variables). – Arminius Nov 17 '17 at 17:06
  • That answers the question in a perfect world. In the real (imperfect) world, it has holes. Environment variables are inherited by child processes. If a child process has an exploitable vulnerability such that there is information leakage or remote code execution then it doesn't hold up. When I do my vulnerability assessment training at my company I always tell people to never assume that everything else is working correctly. Most breaches are a result of a chain of vulnerabilities being exploited, not just one vulnerability. – Swashbuckler Nov 20 '17 at 03:32

0 Answers0