Environment Variable Permissions

Restrict the modification of environment variables to authorized users and processes by enforcing strict permissions and policies. This ensures the integrity of environment variables, preventing adversaries from abusing or altering them for malicious purposes. This mitigation can be implemented through the following measures:

Restrict Write Access:

  • Use Case: Set file system-level permissions to restrict access to environment variable configuration files (e.g., .bashrc, .bash_profile, .zshrc, systemd service files).
  • Implementation: Configure /etc/environment or /etc/profile on Linux systems to only allow root or administrators to modify the file.

Secure Access Controls:

  • Use Case: Limit access to environment variable settings in application deployment tools or CI/CD pipelines to authorized personnel.
  • Implementation: Use role-based access control (RBAC) in tools like Jenkins or GitLab to ensure only specific users can modify environment variables.

Restrict Process Scope:

  • Use Case: Configure policies to ensure environment variables are only accessible to the processes they are explicitly intended for.
  • Implementation: Use containerized environments like Docker to isolate environment variables to specific containers and ensure they are not inherited by other processes.

Audit Environment Variable Changes:

  • Use Case: Enable logging for changes to critical environment variables.
  • Implementation: Use auditd on Linux to monitor changes to files like /etc/environment or application-specific environment files.
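
A check covering the Restrict Write Access and Audit Environment Variable Changes measures above, as an added example that is not part of the original page: it flags environment files that are not owned by the expected user or are writable by group or others, and prints auditd watch rules for the same files. The function names, the file list and the rule key `env_var_change` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names, the file list
# and the audit key are assumptions chosen for illustration.
ENV_FILES="/etc/environment /etc/profile"

# check_env_file FILE [OWNER]
# Prints a finding and returns 1 if FILE is not owned by OWNER (default
# root) or is writable by group or others. -L checks a symlink's target.
check_env_file() {
    file=$1; owner=${2:-root}; rc=0
    if [ -n "$(find -L "$file" -prune ! -user "$owner")" ]; then
        echo "OWNER $file is not owned by $owner"; rc=1
    fi
    if [ -n "$(find -L "$file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "WRITABLE $file is group- or world-writable"; rc=1
    fi
    return "$rc"
}

# audit_env_files OWNER FILE...
# Skips files that do not exist; returns the number of files with findings.
audit_env_files() {
    want=$1; shift; bad=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        check_env_file "$f" "$want" || bad=$((bad + 1))
    done
    return "$bad"
}

# emit_audit_rules KEY FILE...
# Prints one auditd watch rule per file: -p wa logs writes and attribute
# changes (chmod/chown), -k tags the events for searching with ausearch -k.
emit_audit_rules() {
    key=$1; shift
    for f in "$@"; do
        printf '%s\n' "-w $f -p wa -k $key"
    done
}

# Usage (as root): audit_env_files root $ENV_FILES
#                  emit_audit_rules env_var_change $ENV_FILES
```

The printed rules are in the form auditd reads from its rules files; a non-zero return from `audit_env_files` is the count of files that need their ownership or mode corrected.
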
ID: M1039
Version: 1.1
Created: 11 June 2019
Last Modified: 11 December 2024

Techniques Addressed by Mitigation

Domain | ID | Name | Use
Enterprise | T1562.003 | Impair Defenses: Impair Command History Logging | Prevent users from changing the HISTCONTROL, HISTFILE, and HISTFILESIZE environment variables. [1]
Enterprise | T1070.003 | Indicator Removal: Clear Command History | Making the environment variables associated with command history read only may ensure that the history is preserved. [1]

References