On Mon, Mar 15, 2021 at 2:33 PM <[email protected]> wrote: > Speaking of environment, AFAIK on modern systems it can be read only by > sufficiently privileged user, so I don't see how it is less secure than > a file (which will have to have the same permissions as > /proc/<PID>/environ). Could you elaborate how is it less secure than > using --defaults-extra-file?
Environment data 'leaks' easier than file contents. For example, when developing / debugging, one could easily copy/paste all environment data, including the password (by accident), and post it online when asking for help.
