[cjbprime]

Wait, what's your threat model? Surely you're not imagining that you can pass data from one process to another without root being able to see it? (On Linux, since you're using /proc.)

Other users' processes can't see /proc/$pid/environ, unlike using cmdline.

[BenjiWiebe]

Don't recall right now for sure, but doesn't ps have an option to display the processes environment? I've done it by accident a few times and it does not take root.

[cjbprime]

It has an option (e) to attempt to display environment variables, but ps is just a program that reads from /proc, and the kernel enforces isolation of environment variables by breaking reads to /proc/pid/environ for processes you don't own (or more precisely, can't ptrace), so `ps e` can't show anything for those processes.

  λ whoami
  cjb
  λ cat /proc/1/cmdline
  /sbin/init%
  λ cat /proc/1/environ
  cat: /proc/1/environ: Permission denied

[tetha]

And if you can see /proc/*/environ, you can probably attach to the process via gdb and read the secret from the process memory. At that point, it's not relevant how the secret was passed to the process.

Unless the secret is some kind of one-time token, or time based token, but then it's also not relevant how the secret was passed to the process. It's invalidated soon.

[Fnoord]

> On Linux, since you're using /proc.

Exactly; macOS doesn't use /proc.