| ▲ | zemo 3 days ago | |||||||||||||
Reads like it’s not copying the parent, it’s manually constructing the env dictionary to be passed to execve explicitly. I do this in one of my tools at work because developers were exfiltrating secrets and hand jamming them into .env files. | ||||||||||||||
| ▲ | Wicher 3 days ago | parent | next [-] | |||||||||||||
Yeah, so, it's not injecting? To inject something into X, X needs to exist. X does not exist yet when execve is set up. I'm not being pedantic. I just want to read about injection when I'm promised injection :-) because that'd be technically interesting for me. Plainly calling execve isn't so much, I have the manpage here already :-) | ||||||||||||||
| ||||||||||||||
| ▲ | TZubiri 2 days ago | parent | prev [-] | |||||||||||||
Something tells me that if I look, I'll see a .env being used in the actual tool | ||||||||||||||