On 08/29/2010 05:51 AM, Stephen Harris wrote: > There's nothing special about /proc/$$/environ. All the variables in there > are already available to the process. eg Yes, and the shell could even be made to do as you wanted if you could convince a script to "source /proc/$$/environ". You don't see many web services written in POSIX sh, though. > Badly written CGI programs are badly written CGI programs no matter > what language they're written in. The exact nature of the exploit may > be different, but they all fall into a similar class - the programmer > ****ed up. Yes, that's true, but the original message in this thread saw an attempt to load /proc/self/environ through a php script. You're getting pretty far off topic, now.