[IshKebab]

Yeah I think this is a big flaw of declarative systems. I see a Nix derivation that contains `foo: bar`. How do I know what this does? It's pretty much impossible to know without learning all of Nix, because anything can access it.

If it was a function call you could just go-to-definition.

Environment variables have a similar issue. It's often hard to know what they do because they could be used by basically anything at any time.

[sureglymop]

I find this to be a real issue with environment variables.

I am trying to create a tool to help see exactly where and by which program any environment variable was set/exported since boot.

This is still in the conceptual phase but I'm looking into linux' ftrace to achieve this. Any ideas or pointers are welcome.

[IshKebab]

Yeah I think you can definitely find which process sets environment variables (I think you just need to intercept execve or whatever). The real problem is finding which processes use the environment variables. That's extremely difficult, if not impossible.

[sureglymop]

Right. Iirc the environment is put on the stack of a new process shortly after. Though I'd want to do this from very early on and then track how the environment changes. I thought of ftrace because it can be enabled/configured in a kernel parameter and as such will already capture information shortly after boot. But maybe it would be easier to work with ebpf or ptrace.