I couldn't find the technique used above the fold (or a short way below).

Is this something more (and something more interesting) than just standard spawned process inheriting the parent process environment?

IOW is this actually injecting in the true sense of the word? Because that'd be interesting.

▲

zemo 3 days ago | parent [-]

Reads like it’s not copying the parent, it’s manually constructing the env dictionary to be passed to execve explicitly. I do this in one of my tools at work because developers were exfiltrating secrets and hand jamming them into .env files.

▲

Wicher 3 days ago | parent | next [-]

Yeah, so, it's not injecting? To inject something into X, X needs to exist. X does not exist yet when execve is set up.

I'm not being pedantic. I just want to read about injection when I'm promised injection :-) because that'd be technically interesting for me. Plainly calling execve isn't so much, I have the manpage here already :-)

	▲	chrismarlow9 3 days ago \| parent \| next [-]
		You're not alone. I was hoping for the same.
	▲	jijane 5 hours ago \| parent \| prev [-]
		[dead]

▲

TZubiri 2 days ago | parent | prev [-]

Something tells me that if I look, I'll see a .env being used in the actual tool