Had an odd issue a few weeks back. A process was not behaving as it should. After doing some digging I found out that the the only way it could behave like it was, was if an environment variable was set incorrectly. The odd part was that /proc/$$/environ was showing that it was set correctly.

After doing some research and playing with gdb a bit (thankfully this was a test environment) I found out that /proc/$$/environ does not give you what you think it gives you!

on to the why.

When a process starts the create_elf_tables function gets called. This function creates and populates a mm_struct data structure. This structure, among other things, contains env_start and env_end, which are the memory address of the begging and end of the environment variable data in the stack.

To get the environment variable information the proc file system reads mm_struct to get he start and end values where the environment variables are located. This is done in the environ_read function.

So why is this not giving me what i want? Well when the process is created in memory there is no buffer in the stack to add more environment variables or to make existing environment variables longer.  So when the process creates a new environment variable or modifies an existing one the environment variables get moved to the heap and the environ symbol is changed to point to the new location. The mm_struct however, is not changed. Which is not necessarily a bad thing but since the proc file system looks at the mm_struct you get the environment at execution time and not the current environment.

this behavior is simple to see.

$ echo $FOO

$ cat /proc/$$/environ |tr '\0' '\n' |grep FOO
$ export FOO=BAR
$ echo $FOO
$ cat /proc/$$/environ |tr '\0' '\n' |grep FOO

For the hell of it I was playing around with ptrace and made an small program that attaches to a process parses the elf structure, finds the environ symbol and then prints out the
current environment variables. The code is crap and the thing barely works(well sometimes it barely works) I was just fooling around. Its allot easier (and safer) to start up GDB and do a “show environ“.

