Skip to content

security: set and declare -p leak internal marker variables (TM-INF-017) #490

New issue
New issue
Closed
#501
Closed
security: set and declare -p leak internal marker variables (TM-INF-017)#490
#501
Labels
bugSomething isn't workingsecuritySecurity vulnerability or hardening
@chaliy

Description

@chaliy
chaliy
opened on Mar 2, 2026

Summary

set (no args) at builtins/vars.rs:114-119 and declare -p at interpreter/mod.rs:5367-5374 iterate all variables without filtering internal prefixes (_NAMEREF_*, _READONLY_*, _UPPER_*, _LOWER_*).

Impact — MEDIUM

Scripts can discover which variables are namerefs, readonly, or have case conversion attributes by examining set or declare -p output. This leaks internal implementation details.

Reproduction

declare -n myref=target
readonly myval=123
set | grep -E "^_(NAMEREF|READONLY)_"
# Output: _NAMEREF_myref=target
#         _READONLY_myval=1

Recommended fix

Filter is_internal_variable() names from output in both set and declare -p paths.

Tests

Regression tests (currently #[ignore]):

  • security_audit_set_hides_internal_markers
  • security_audit_declare_p_hides_internal_markers

Cross-references

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingsecuritySecurity vulnerability or hardening

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions