
[isolation] [ENV-ISOLATION] Same-UID /proc environ exposes token-like pre-exec environment material #1754

@github-actions

Description


Isolation boundary test (run 24090334900) reproduced a process-environment exposure condition inside the agent container.

Summary

Same-UID processes can read each other’s /proc/<pid>/environ, including token-like variables inherited at exec time. This allows environment material intended for one process to be observable from another process in the same container context.

Version

  • Workflow lock file: .github/workflows/secret-digger-codex.lock.yml
  • cli_version field: not present in this lock file
  • compiler_version: v0.67.2
  • GH_AW_INFO_CLI_VERSION: v0.67.2

Methodology (value-safe)

Used key-name and length-only checks (no secret values recorded):

  1. Name-only env parity (env, printenv, export -p).
  2. Same-UID /proc/<pid>/environ census for AWF_ONE_SHOT_TOKENS key presence and value length only.
  3. Clean-room control with env -i to verify inheritance suppression.
  4. Compiled helper probe to test clearenv() behavior after process start.

Reproduction

  1. Enumerate readable process environments (keys only):
    • tr '\0' '\n' < /proc/<pid>/environ | cut -d= -f1
  2. Confirm key presence in sibling processes (same pipeline, filtered to the exact key):
    • tr '\0' '\n' < /proc/<pid>/environ | cut -d= -f1 | grep -x AWF_ONE_SHOT_TOKENS
  3. Measure length only (no value; derived from the record length so a value containing "=" is not undercounted):
    • tr '\0' '\n' < /proc/<pid>/environ | awk -F= '$1=="AWF_ONE_SHOT_TOKENS"{print length($0)-length($1)-1}'
  4. Run control process with clean env:
    • env -i PATH="$PATH" bash -lc 'sleep 25' & pid=$!
    • Check /proc/$pid/environ with the step 1 command (key absent)
  5. Run pre-exec marker + clearenv() helper:
    • Launch process with synthetic marker in env
    • Inside process call clearenv()
    • Observe marker still present via /proc/<pid>/environ from sibling process
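The following C program is an added example, not the issue's own probe code, that runs the whole procedure above in one place: a same-UID census of /proc/<pid>/environ for a key (reporting key presence and value length only), a constructed sibling that receives a marker at exec time and `unset`s it from its own shell table (standing in for the report's compiled helper on the sibling side), and an in-process clearenv() probe that re-reads /proc/self/environ afterwards. It assumes Linux with glibc or musl, a /bin/sh, and that the caller can see its own UID's processes under /proc. The key AWF_PROBE_MARKER and its value are constructed for the demo.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

extern int clearenv(void); /* glibc and musl have it; declared in case feature macros hide it */

/* Length of KEY's value in /proc/<pid>/environ (NUL-separated KEY=VALUE records).
 * -1 if absent, -2 if unreadable (another UID, or the pid is gone). The value is
 * only measured inside the buffer and never copied out, matching the report's rules. */
int env_key_len(pid_t pid, const char *key) {
    char buf[65536], path[64];
    snprintf(path, sizeof path, "/proc/%d/environ", (int)pid);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -2;
    ssize_t n, total = 0;
    while ((size_t)total < sizeof buf && (n = read(fd, buf + total, sizeof buf - total)) > 0) total += n;
    close(fd);
    size_t klen = strlen(key);
    for (ssize_t off = 0; off < total;) {
        const char *rec = buf + off;
        size_t rlen = strnlen(rec, (size_t)(total - off));
        if (rlen > klen && rec[klen] == '=' && memcmp(rec, key, klen) == 0) return (int)(rlen - klen - 1);
        off += (ssize_t)rlen + 1;
    }
    return -1;
}

/* Census: how many same-UID processes carry KEY in their exec-time environment. */
int census(const char *key) {
    DIR *d = opendir("/proc");
    if (!d) return -1;
    int hits = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char *end, path[64];
        struct stat st;
        long pid = strtol(e->d_name, &end, 10);
        if (*end != '\0' || pid <= 0) continue;
        snprintf(path, sizeof path, "/proc/%ld", pid);
        if (stat(path, &st) != 0 || st.st_uid != getuid()) continue; /* same-UID processes only */
        int len = env_key_len((pid_t)pid, key);
        if (len >= 0) { hits++; printf("pid %ld: %s present, value length %d\n", pid, key, len); }
    }
    closedir(d);
    return hits;
}

/* Sibling probe: exec /bin/sh with a constructed env holding KEY=VALUE, let it
 * `unset` the key from its own table, then measure the key from /proc anyway.
 * Returns the value length still visible there (expected: strlen(value)). */
int sibling_marker_len(const char *key, const char *value) {
    int in[2], out[2];
    char kv[256], script[256], ready[16];
    if (pipe(in) != 0 || pipe(out) != 0) return -2;
    snprintf(kv, sizeof kv, "%s=%s", key, value);
    snprintf(script, sizeof script, "unset %s; echo ready; read _", key); /* `read _` blocks until stdin EOF */
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) {
        dup2(in[0], 0); dup2(out[1], 1);
        close(in[0]); close(in[1]); close(out[0]); close(out[1]);
        char *argv[] = {"sh", "-c", script, NULL}, *envp[] = {kv, NULL}; /* constructed minimal env */
        execve("/bin/sh", argv, envp);
        _exit(127);
    }
    close(in[0]); close(out[1]);
    int len = read(out[0], ready, sizeof ready) > 0 ? env_key_len(pid, key) : -2; /* "ready" => unset ran */
    close(in[1]); close(out[0]);                                                  /* EOF lets sh exit */
    waitpid(pid, NULL, 0);
    return len;
}

/* In-process probe: take the first key of our own exec-time block, clearenv(),
 * and re-read /proc/self/environ. 1 = gone from getenv() yet still in /proc,
 * 0 = really gone, -1 = nothing in the block to test (e.g. started with env -i). */
int clearenv_probe(void) {
    char buf[65536];
    int fd = open("/proc/self/environ", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0) return -1;
    buf[n] = '\0';
    char *eq = strchr(buf, '=');
    if (!eq || eq == buf) return -1;
    *eq = '\0';                               /* buf now holds the first key name only */
    if (clearenv() != 0) return -1;
    /* libc's table is empty, but the kernel still serves the exec-time [env_start, env_end) block */
    return (getenv(buf) == NULL && env_key_len(getpid(), buf) >= 0) ? 1 : 0;
}

int main(int argc, char **argv) {
    const char *key = argc > 1 ? argv[1] : "AWF_ONE_SHOT_TOKENS";
    printf("same-UID processes exposing %s: %d\n", key, census(key));
    printf("sibling after unset: /proc still shows value length %d\n",
           sibling_marker_len("AWF_PROBE_MARKER", "0123456789abcdef"));
    printf("clearenv() probe: %d (1 = still visible through /proc)\n", clearenv_probe());
    return 0;
}
```

Build with `cc -o envprobe envprobe.c` and run it with the key name as the only argument. The census reports -2 style failures silently (other UIDs' environ files return EACCES, which is the boundary working as intended); the two probes show the same mechanism from both sides: /proc/<pid>/environ is served from the memory the kernel populated at exec, so changes made afterwards through libc or the shell's variable table do not reach it.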

Observed Result

  • Token-like key present and non-empty in multiple same-UID processes.
  • Clean-room process (env -i) does not expose the key.
  • Pre-exec env marker remains readable from /proc/<pid>/environ even after in-process clearenv().

Boundary Type

Process isolation / environment-variable isolation boundary violation (same-UID cross-process observability).

Security Impact

A process running in the same container session can enumerate environment material from other same-UID processes via /proc, increasing the risk of secret discovery if sensitive values are passed through environment variables. Two Linux properties make this hard to contain after the fact: read access to /proc/<pid>/environ is granted by the ptrace access-mode check (same UID, or CAP_SYS_PTRACE over the target), so no in-container setting separates sibling processes of one UID; and the file is served from the exec-time environment block in the target's memory, so scrubbing a variable after start with unsetenv() or clearenv() does not remove it from what siblings can read. Values that must stay private to one process should therefore be handed over through a pipe, an inherited file descriptor, or a restrictively permissioned file rather than the environment, and removed from envp before exec rather than after.

Notes

No sensitive values were copied or disclosed in this report; only key names, lengths, and process metadata were used.

Generated by Secret Digger (Codex) · expires on Apr 8, 2026, 3:49 PM UTC
