
[isolation] [ENV-ISOLATION] Same-UID /proc environ exposes token-like env keys across process boundaries #1782

@github-actions

Summary

During a focused environment-isolation deep dive, I observed that same-UID processes can enumerate token-like environment variable keys through /proc/<pid>/environ across process boundaries. This includes AWF_ONE_SHOT_TOKENS appearing in multiple runner-owned processes.

No secret values were captured or logged.

Boundary Violation Type

Process isolation / environment isolation leak (same UID): sensitive environment material is observable through procfs metadata outside the originating process context.

Methodology (value-safe)

I used key-only and length/count-only probes (no value extraction):

  • Baseline keyset checks: env, printenv, export -p (names/counts only)
  • Procfs visibility checks on /proc/<pid>/environ for same-UID process set
  • Detached sibling-process marker test to validate cross-process visibility
  • Hardening comparison using PR_SET_DUMPABLE=0 on a target process

Reproduction (sanitized)

  1. Enumerate runner-owned PIDs and probe key presence only:

```bash
for pid in $(ps -u "$(id -u)" -o pid= | tr -d ' '); do
  [ -r "/proc/$pid/environ" ] || continue
  awk 'BEGIN{f=0} /AWF_ONE_SHOT_TOKENS=/{f=1} END{if(f)print pid}' pid="$pid" RS='\0' "/proc/$pid/environ" 2>/dev/null
done
```

  2. Detached sibling marker probe:

```bash
setsid bash -lc 'export SD_NEW_MARKER=1; sleep 30' &
TPID=$!
awk 'BEGIN{c=0} /SD_NEW_MARKER=/{c=1} END{print c}' RS='\0' "/proc/$TPID/environ"
```

  3. Compare with dumpable hardening:
  • Start a process that sets PR_SET_DUMPABLE=0.
  • From sibling context, /proc/<pid>/environ becomes unreadable in this run.

Observed Results

  • AWF_ONE_SHOT_TOKENS key was visible in multiple same-UID processes (awf_key_pid_count=5 in this run).
  • Detached sibling synthetic marker key was externally visible via /proc/<pid>/environ.
  • PR_SET_DUMPABLE=0 target process was not readable via /proc/<pid>/environ from sibling context.

Impact

If secret-bearing environment variables are present in one process, sibling processes under the same UID may infer/access secret-bearing environment surfaces via procfs, violating strict process-level isolation expectations.

Suggested Mitigations

  • Avoid storing sensitive material in long-lived process environments.
  • Isolate secret-bearing workloads under distinct UID boundaries where feasible.
  • Consider procfs hardening posture (e.g., hidepid policies where operationally possible).
  • Prefer one-shot file descriptors or short-lived scoped secret injection with immediate scrub.
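As an added example (not code from the report or from gh-aw), the process-side counterpart to the dumpable comparison under Reproduction and to the last two mitigations above: clear PR_SET_DUMPABLE via prctl(2) so same-UID siblings lose read access to /proc/<pid>/environ, and consume a secret variable by copying it out, wiping the "NAME=value" bytes in place and unlinking the entry, because unsetenv(3) alone leaves the original bytes where /proc/<pid>/environ reads them. Function names and the sample value are constructed; Linux with glibc is assumed.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>

extern char **environ;

/* Make /proc/<pid>/environ unreadable to other same-UID processes lacking
 * CAP_SYS_PTRACE. Not inherited across execve, so every secret-holding
 * process must call this itself; also disables core dumps. 0 on success. */
int harden_procfs_visibility(void) {
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0 ? 0 : -1;
}

/* Copy the value of `name` to `out`, wipe the whole "NAME=value" string in
 * place, then unlink it from environ. unsetenv() alone only drops the pointer;
 * /proc/<pid>/environ is served from memory that keeps the original bytes.
 * Returns 1 if scrubbed, 0 if absent, -1 if `out` is too small (no change). */
int take_and_scrub_env(const char *name, char *out, size_t outsz) {
    size_t nlen = strlen(name);
    for (char **ep = environ; ep && *ep; ep++) {
        char *entry = *ep;
        if (strncmp(entry, name, nlen) != 0 || entry[nlen] != '=')
            continue;
        size_t vlen = strlen(entry + nlen + 1);
        if (vlen + 1 > outsz)
            return -1;
        memcpy(out, entry + nlen + 1, vlen + 1);
        volatile char *p = entry;              /* volatile: wipe cannot be elided */
        for (size_t i = 0; i < nlen + 1 + vlen; i++)
            p[i] = 0;
        for (char **q = ep; *q; q++)           /* shift later entries down */
            q[0] = q[1];
        return 1;                              /* string not freed: may be on the stack */
    }
    return 0;
}

int main(void) {
    char tok[256];
    setenv("AWF_ONE_SHOT_TOKENS", "constructed-sample-value", 1); /* constructed */
    int hard = harden_procfs_visibility();
    int got = take_and_scrub_env("AWF_ONE_SHOT_TOKENS", tok, sizeof tok);
    printf("dumpable cleared: %s, scrubbed: %d, getenv after: %s\n",
           hard == 0 ? "yes" : "no", got, getenv("AWF_ONE_SHOT_TOKENS") ? "set" : "gone");
    return 0;
}
```

Scrub before any fork or exec that would copy the environment to a child; /proc/<pid>/cmdline is a separate surface that this does not cover.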

Version Info

  • gh-aw version: v0.67.2 (from .github/workflows/secret-digger-codex.lock.yml metadata/header; cli_version field not present)
  • Run ID: 24120049966
  • Workflow: Secret Digger (Codex)

Generated by Secret Digger (Codex) · expires on Apr 9, 2026, 5:54 AM UTC
