Hi,
You'd expect --unshare-pid --proc /proc --clearenv to safely hide all environment variables. However, when not using --as-pid-1, the environment is leaked in /proc/1/environ!
Not sure if this is actually relevant security-wise, but I'd better hope nobody is using --clearenv to clear sensitive environment variables!
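A check to run inside the sandbox for the behaviour described above, as an added example that is not part of the original post: it compares the variable names in /proc/1/environ with the process's own environment and lists those reachable only through PID 1. The function names and the sample data are constructed for illustration.

```python
#!/usr/bin/env python3
"""Report variables visible in PID 1's environ but absent from our own."""
import sys


def parse_environ(raw: bytes) -> dict:
    """Parse the NUL-separated NAME=value records of /proc/<pid>/environ."""
    env = {}
    for record in raw.split(b"\0"):
        if not record:
            continue  # trailing NUL or empty record
        name, _, value = record.partition(b"=")
        env[name.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env


def leaked_names(pid1_raw: bytes, self_raw: bytes) -> list:
    """Names readable via PID 1 that the sandboxed process did not receive."""
    pid1, own = parse_environ(pid1_raw), parse_environ(self_raw)
    return sorted(name for name in pid1 if name not in own)


def read_environ(pid: str) -> bytes:
    """Read the raw environ file of a process ("1", "self", ...)."""
    with open(f"/proc/{pid}/environ", "rb") as fh:
        return fh.read()


# Constructed sample data (not captured from a real system).
SAMPLE_PID1 = b"HOME=/home/user\0API_TOKEN=constructed-example\0PATH=/usr/bin\0"
SAMPLE_SELF = b"PATH=/usr/bin\0"

if __name__ == "__main__":
    try:
        leaks = leaked_names(read_environ("1"), read_environ("self"))
    except OSError as exc:
        sys.exit(f"cannot read environ: {exc}")
    for name in leaks:
        # Print names only, so the check itself does not copy secrets into logs.
        print(f"leaked via /proc/1/environ: {name}")
    sys.exit(1 if leaks else 0)
```

The script exits non-zero when any name is found, so it can serve as a regression check on a sandbox launch command.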