Computer & OS Fundamentals · beginner · ~10 min

Environment variables and the command line

Explain what environment variables are, why PATH matters, and basic shell mechanics.

Overview

A shell runs programs and connects their I/O. Each process inherits environment variables (key/value config); PATH determines which directories are searched for commands — a privilege-escalation vector if writable dirs come first.

Why it matters

Manipulating PATH and loader variables (LD_PRELOAD) is a concrete privilege-escalation technique, and secrets leaked into a process's environment are recoverable from /proc. The shell is also the primary interface for every tool you'll run.

Core concepts

Shell. Parses commands, spawns processes, wires I/O.

Environment. Inherited key/value config per process.

PATH. Search order for commands — hijackable if a writable dir is early.

LD_PRELOAD/LD_LIBRARY_PATH. Loader controls, another injection surface.

/proc/<pid>/environ. Leaks a process's secrets.

Lesson

The command line (shell) is how operators drive a system precisely — and it's where most pentest tooling lives.

The shell

A shell (bash, zsh, PowerShell) reads commands, runs programs, and wires their input/output together. A command is program arg1 arg2; the shell finds the program, starts a process, and waits.

Environment variables

Every process inherits a set of environment variables — key/value strings like HOME=/root or LANG=en_US.UTF-8. They configure behaviour without command-line flags.

PATH — the one to know

PATH is a colon-separated list of directories the shell searches to find a command. Type nmap and the shell looks through each PATH directory in order. PATH is security-sensitive: if a writable or attacker-controlled directory comes early in PATH, a malicious ls placed there runs instead of the real one — a real privilege-escalation technique (PATH hijacking).
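A defensive check for the PATH risk described above, as an added example that is not part of the original lesson; the function name audit_path and its output format are assumptions made for illustration. It walks a PATH string in search order and reports entries that resolve to the current directory (empty or relative) and directories that are world- or group-writable.

```shell
#!/bin/sh
# audit_path PATHSTRING   (hypothetical helper, not a standard tool)
# Prints one finding per line: "<position> <entry> <reason>".
# Position matters: an unsafe entry shadows every directory listed after it.
audit_path() {
    pos=0
    # Append ':' so a trailing empty entry is still seen when splitting.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}      # text before the first colon
        rest=${rest#*:}        # text after the first colon
        pos=$((pos + 1))
        case $entry in
            "") echo "$pos <empty> empty entry means current directory"
                continue ;;
            /*) ;;             # absolute path: inspect permissions below
            *)  echo "$pos $entry relative entry depends on current directory"
                continue ;;
        esac
        # Entries that do not exist are skipped here.
        [ -d "$entry" ] || continue
        # -L follows symlinks (e.g. /bin -> usr/bin) so the real
        # directory's mode is inspected, not the link's.
        case $(ls -ldL "$entry" 2>/dev/null) in
            d???????w*) echo "$pos $entry world-writable" ;;
            d????w*)    echo "$pos $entry group-writable" ;;
        esac
    done
    return 0
}

# Audit the PATH of the current shell.
audit_path "$PATH"
```

No output means no entry matched these checks; a group-writable finding still needs a look at who is in that group.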

Other notable variables

HOME, USER, PWD, LD_PRELOAD/LD_LIBRARY_PATH (loader controls — another injection vector), and secrets that shouldn't be there (AWS_SECRET_ACCESS_KEY in a process's environment is a credential-leak find via /proc/<pid>/environ).

Summary

The shell drives the system and each process carries environment variables; PATH (and loader variables) are security-sensitive because controlling them can redirect which code runs. Leaked secrets in an environment are recoverable.