Hacker News
by diogomonicapt 3413 days ago
We explicitly chose not to support secrets as ENV variables, since they are prone to being leaked (child processes inheriting the parent's env; easy to leak via ps -e; bug reports usually include the ENV of the application; core dumps include the ENV of the application, etc.)

Makes sense, but how do child processes not have access to the secrets files?
My unstated assumption was that when calling something like imagetragick you would be doing the appropriate privilege dropping using setuid and setgid. This is obviously not necessarily the case, but it's at least a lot more common than people cleaning up the ENV before creating a child process.
They do. That point is less valid.
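
The trade-off discussed in this thread, as an added example that is not part of the original comments: a child process inherits a secret placed in the environment unless the parent builds an allow-listed environment, while a secret kept in a 0600 file never enters the child's environment. The variable name, secret value and allow-list are constructed for illustration.

```python
import os
import stat
import subprocess
import sys
import tempfile

# Constructed sample values; all names here are hypothetical.
SECRET_NAME = "DB_PASSWORD"
SECRET_VALUE = "constructed-example-secret"
ENV_ALLOWLIST = ("PATH", "LANG", "HOME")
# Child program: reports whether the secret is visible in its environment.
CHILD = "import os; print(os.environ.get(%r, '<absent>'))" % SECRET_NAME


def run_child(env=None):
    """Run the child; env=None means it inherits the parent's environment."""
    out = subprocess.run([sys.executable, "-c", CHILD], env=env,
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()


def scrubbed_env(allow=ENV_ALLOWLIST):
    """Build the child's environment from an allow-list, not a deny-list."""
    return {k: os.environ[k] for k in allow if k in os.environ}


def read_secret_file(path):
    """Read a secret file, refusing one that group or other can access."""
    st = os.stat(path)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible by group/other")
    with open(path) as fh:
        return fh.read().strip()


def demo():
    os.environ[SECRET_NAME] = SECRET_VALUE   # secret delivered via ENV
    inherited = run_child()                  # default: child gets a copy
    scrubbed = run_child(scrubbed_env())     # allow-listed environment
    del os.environ[SECRET_NAME]
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "db_password")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(SECRET_VALUE)
        from_file = read_secret_file(path)
        # A same-uid child could still open the file; dropping privileges
        # (setuid/setgid) before exec is what takes that access away.
        file_child = run_child()             # nothing in ENV to inherit
    return inherited, scrubbed, from_file, file_child
```

`demo()` returns what the child saw in each case: the secret when the environment is inherited, and `<absent>` when the environment is allow-listed or the secret lives only in the file.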