| ▲ | Dwedit 2 days ago | |
I haven't actually tested this, but aren't the input and output handles exposed on /proc/? What's stopping another process from seeing everything? | ||
| ▲ | Lex-2008 2 days ago | parent | next [-] | |
not a Linux expert, but I believe that at the very least it's time sensitive: after consumer process reads it, it's gone from the pipe. Unlike env vars and cli argument that stay there. | ||
| ▲ | trashb 2 days ago | parent | prev | next [-] | |
Yes pipes are exposed /proc/$pid/fd/$thePipeFd with user permissions [0]. Additionally command line parameters are always readable /proc/$YOUR_PROCESS_PID/cmdline [1] There are workarounds but it's fragile. You may accept the risks and in that case it can work for you but I wouldn't recommend it for "general security". Seems it wouldn't be considered secure if everyone did it this way, therefore is it security through obscurity? [0] https://unix.stackexchange.com/questions/156859/is-the-data-... [1] https://stackoverflow.com/questions/3830823/hiding-secret-fr... | ||
| ▲ | Tajnymag 2 days ago | parent | prev [-] | |
I guess the kernel is stopping that. I don't think permission wise you'd have the privileges to read someone else's stdin/out. | ||