Deep-dive run 24144344239 focused on process-isolation boundaries in the AWF agent container and reproduced a boundary leak: same-UID processes can read inherited environment material from other runner-owned processes via /proc/<pid>/environ.
Boundary Violation Type
Process isolation / secret boundary violation (same-UID process metadata exposure).
What Was Observed (sanitized)
- Key name `AWF_ONE_SHOT_TOKENS` was observable across multiple runner-owned processes via `/proc/<pid>/environ`.
- Only key presence and value length were measured; no secret values were captured.
- In this run, 6 runner-owned processes exposed the key with a non-zero value length (`len=160`).
- A synthetic control marker (`SD_MARKER_ALPHA`) injected at exec time into a sibling process was also readable via `/proc/<pid>/environ`.
Methodology
- Enumerated runner-owned PIDs.
- For each readable `/proc/<pid>/environ`, extracted key names only (`s/=.*//`) and checked for target key presence.
- Measured length only for the target variable (`wc -c`) without printing values.
- Ran a controlled helper with a `PR_SET_DUMPABLE` toggle (1 -> 0 -> 1) and an exec-time env marker.
- Re-tested marker visibility across phases.
Reproduction Steps
- Start in AWF agent container context as runner user.
- Run a same-UID census:
  - Iterate `ps -u runner -o pid=`
  - Read `/proc/<pid>/environ` (if readable)
  - Check key names only for `AWF_ONE_SHOT_TOKENS`.
- Launch a synthetic sibling process with an exec-time marker: `env SD_MARKER_ALPHA=VISIBLE sleep 20 &`
- Check `/proc/<pid>/environ` key names for `SD_MARKER_ALPHA`.
- Launch a helper that toggles its dumpable state and run it with the exec-time marker:
  - phase1 (`dumpable=1`): marker visible
  - phase2 (`dumpable=0`): marker not readable
  - phase3 (`dumpable=1` restored): marker visible again
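The census and the three-phase dumpable check above, as an added Python example that is not the Secret Digger tooling or AWF code. It assumes Linux procfs and calls prctl(2) through ctypes; the names `census()`, `dumpable_toggle_demo()` and the helper script are this example's own. It goes slightly beyond the report's shell steps in that it selects peer PIDs by the caller's UID from `/proc/<pid>/status` instead of `ps -u runner`, so it runs unchanged under any unprivileged user:

```python
"""Same-UID /proc/<pid>/environ census and PR_SET_DUMPABLE toggle check.

Added example (not the report's own tooling). Linux-only: reads procfs and
calls prctl(2) via ctypes. census() / dumpable_toggle_demo() are names
chosen for this example.
"""
import ctypes
import os
import subprocess
import sys

PR_SET_DUMPABLE = 4  # value from <linux/prctl.h>


def _read_environ(pid):
    """Raw NUL-separated environ block, or None when unreadable (EACCES once the
    target clears its dumpable flag, ENOENT/ESRCH when the PID is gone)."""
    try:
        with open(f"/proc/{pid}/environ", "rb") as f:
            return f.read()
    except OSError:
        return None


def environ_keys(pid):
    """Variable names only; values are split off and discarded (the report's s/=.*// step)."""
    raw = _read_environ(pid)
    if raw is None:
        return None
    return {e.split(b"=", 1)[0].decode(errors="replace") for e in raw.split(b"\0") if e}


def environ_value_length(pid, key):
    """Byte length of KEY's value (the report's wc -c step); the value is never returned."""
    raw = _read_environ(pid)
    if raw is None:
        return None
    prefix = key.encode() + b"="
    for entry in raw.split(b"\0"):
        if entry.startswith(prefix):
            return len(entry) - len(prefix)
    return None


def process_uid(pid):
    """Real UID from /proc/<pid>/status, which stays world-readable for non-dumpable peers."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Uid:"):
                    return int(line.split()[1])
    except OSError:
        pass
    return None


def census(key, uid=None):
    """Map every PID owned by uid (default: caller's UID) that exposes KEY to the value length."""
    uid = os.getuid() if uid is None else uid
    hits = {}
    for name in os.listdir("/proc"):
        if name.isdigit() and process_uid(int(name)) == uid:
            keys = environ_keys(int(name))
            if keys is not None and key in keys:
                hits[int(name)] = environ_value_length(int(name), key)
    return hits


# Sibling helper: announces each phase on stdout, waits for a newline on stdin,
# and flips its own dumpable flag between phases (4 == PR_SET_DUMPABLE).
CHILD = r"""
import ctypes, sys
libc = ctypes.CDLL(None, use_errno=True)
def phase(n):
    sys.stdout.write(f"phase{n}\n"); sys.stdout.flush(); sys.stdin.readline()
phase(1)                     # dumpable=1, the default after exec
libc.prctl(4, 0, 0, 0, 0)    # dumpable=0: /proc/<pid>/* become root-owned
phase(2)
libc.prctl(4, 1, 0, 0, 0)    # restore dumpable=1
phase(3)
"""


def dumpable_toggle_demo(marker="SD_MARKER_ALPHA"):
    """Run the three-phase marker test against a child that carries MARKER at exec time."""
    if not sys.platform.startswith("linux"):
        return None
    child = subprocess.Popen(
        [sys.executable, "-c", CHILD], stdin=subprocess.PIPE, stdout=subprocess.PIPE,
        env={**os.environ, marker: "VISIBLE"}, text=True)
    result = {"euid": os.geteuid()}
    try:
        for n in (1, 2, 3):
            if child.stdout.readline().strip() != f"phase{n}":
                raise RuntimeError(f"helper did not reach phase {n}")
            keys = environ_keys(child.pid)
            result[f"phase{n}"] = keys is not None and marker in keys
            if n == 1:  # same-UID census sees the sibling while it is dumpable
                result["census_hits"] = len(census(marker))
            child.stdin.write("\n")
            child.stdin.flush()
    finally:
        child.stdin.close()
        child.wait()
    return result


if __name__ == "__main__":
    print(dumpable_toggle_demo())
```

Run as an unprivileged user the result is `phase1=True, phase2=False, phase3=True`, matching the report. Run as root, phase 2 also reads successfully, because `CAP_SYS_PTRACE` satisfies the `PTRACE_MODE_READ` check that gates `/proc/<pid>/environ`; Yama's `ptrace_scope` does not enter into it, since it only restricts attach.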
Evidence Summary (sanitized)
```
awf_pid_count=6
phase1_dumpable1=1 phase2_dumpable0=0 phase3_restored=1
marker_visible=1
```
- Cross-UID controls remained in place: `/proc/1/environ` and `/proc/1/auxv` were unreadable in this context.
Impact
Any co-resident same-UID process can enumerate its peers and read their inherited environment via `/proc/<pid>/environ`, so token-like material passed through the environment is discoverable by any code running as that user. Two points matter for remediation: the read is gated by the target's dumpable flag (a `PTRACE_MODE_READ` check), not by Yama `ptrace_scope`, so hardening ptrace attach alone does not close it; and `/proc/<pid>/environ` exposes the exec-time environment block, so a process that `unsetenv()`s a secret after reading it still leaks the original bytes unless it overwrites them in place or clears its dumpable flag with `prctl(PR_SET_DUMPABLE, 0)`.
Version Information
- Lock file: `.github/workflows/secret-digger-codex.lock.yml`
cli_version: field not present in lock metadata
compiler_version: v0.67.2
GH_AW_INFO_CLI_VERSION: v0.67.2
GH_AW_INFO_AWF_VERSION: v0.25.13
Generated by Secret Digger (Codex)