Questions tagged [environment-variables]

36 questions
1 vote, 2 answers

What sort of attacks could be performed by an attacker who can set environment variables?

If an attacker can set environment variables at will, what attacks can be performed using this advantage, and what degree of control can the attacker take?
0 votes, 1 answer

Securely loading private tokens on a local machine

When doing local development, I have to export a token needed for downloading dependencies from a private repository. For example: export NPM_TOKEN=token_value I want to make sure that this token is not stored in the shell history (that's an easy…
0 votes, 0 answers

Why are environment variables safe after 2022 Heroku breach?

In their communication about the April 2022 breach (summary here), Heroku states that environment variables (other than Review apps and CI variables) were safe because they are encrypted at rest. We also wanted to address a question regarding…
0 votes, 0 answers

Data-only attack using buffer overflow

For school I need to use the buffer overflow in the program below to get the shell to launch. For this exercise we need to perform a data-only attack, i.e. the stack is non-executable and stack canaries are enabled. #include #include…
Mee98
0 votes, 1 answer

Storing server-side secret key in environment variable - is a concern?

Is it a security concern to store a server-side key in plaintext in environment variables? And specifically with PHP, would I be safe by not calling phpinfo() or other kinds of dumper?
DannyNiu
0 votes, 2 answers

Can environment variables created for a unix account be viewable by another account?

If I run a program that accepts configs from environment variables under non-privileged user userA, can a user with root access read those environment variables?
Bon Ami