[systemd-devel] Environment-variable security?

[Lennart Poettering]

On Mo, 12.11.18 19:53, aleivag (aleivag at gmail.com) wrote:

> If you use  EnvironmentFile the only thing a user could do is systemctl
> show, and that will tell them that what environment file was used , but not
> it's content...
> 
> As long as you unset the env, you should be fine (but I'm not a expert on
> this)

No. Really, don't do this.

The problem reamains that env vars are generally not considered
secrets, and hence are unsuitable for passing secrets.

I already mentioned the problem of propagation. But there's also this:
if for some reason the admin turned on debug logging in systemd you'll
see messages up passed env vars in the debug logs, and no, they are
likely readable by unpriv users, because they go to the console, kmsg,
…

Again, don't put the env vars there in the first place.

Lennart

-- 
Lennart Poettering, Red Hat