What:
I think it might be interesting to offer the possibility of removing values from the environment at reading time.
Why:
In case environment variables are used for secret values, this would help make sure child processes do not receive those secrets. This may also help when the environment is dumped (e.g. I believe Sentry stores a copy of the process environment alongside the event, though it does a bit of scrubbing). It may limit cases of involuntary secret exposure. Note: I think this does not change /proc/self/environ, so it's not about securing against a malicious subprocess (that being said, if the subprocess is launched as a different user, that might still help).
How:
https://docs.python.org/3.8/library/os.html#os.environ
If the platform supports the unsetenv() function, you can delete items in this mapping to unset environment variables. unsetenv() will be called automatically when an item is deleted from os.environ, and when one of the pop() or clear() methods is called.
Who:
If you think this can be interesting, I may be available to try and make a PR.
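The behaviour this request describes, as an added example that is not code from the issue author or the project: a process started with a secret in its environment pops it from os.environ on first read, then reports whether a child it spawns inherits the variable and whether /proc/self/environ still lists it. The variable name, the sample value and the helper names are constructed for illustration.

```python
import json
import os
import subprocess
import sys

NAME = "DEMO_API_TOKEN"  # constructed variable name, not a real setting

# Code run inside the "service" process that was started with the secret set.
SERVICE = r'''
import json, os, subprocess, sys
name = sys.argv[1]
secret = os.environ.pop(name, None)   # read once; pop() also calls unsetenv()
probe = "import os, sys; print(sys.argv[1] in os.environ)"
child = subprocess.run([sys.executable, "-c", probe, name],
                       capture_output=True, text=True, check=True)
try:
    # Linux only: the kernel exposes the environment block given at exec time.
    # unsetenv() does not rewrite that block, so the variable stays listed.
    with open("/proc/self/environ", "rb") as fh:
        in_proc = any(e.startswith(name.encode() + b"=")
                      for e in fh.read().split(b"\0"))
except OSError:
    in_proc = None                    # no procfs on this platform
print(json.dumps({"got_secret": secret is not None,
                  "in_os_environ": name in os.environ,
                  "child_inherited": child.stdout.strip() == "True",
                  "in_proc_environ": in_proc}))
'''


def run_service(name=NAME, value="constructed-sample-value"):
    """Start the service with the secret in its environment; return its report."""
    env = dict(os.environ, **{name: value})
    out = subprocess.run([sys.executable, "-c", SERVICE, name],
                         env=env, capture_output=True, text=True, check=True)
    return json.loads(out.stdout)


if __name__ == "__main__":
    print(run_service())
```
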