[systemd-devel] Environment-variable security?
Marek Howard
marekhwd at gmail.com
Wed Nov 14 01:17:02 UTC 2018
Marek Howard píše v St 14. 11. 2018 v 01:35 +0100:
> Lennart Poettering píše v Út 13. 11. 2018 v 15:17 +0100:
> > On Di, 13.11.18 07:49, David Parsley (parsley at linuxjedi.org) wrote:
> > Well, you are of course welcome to ignore whatever I say, but again,
> > environment blocks are leaky, they propagate down the process tree,
> > and are *not* generally understood as being secret.
>
> It is not *that* common to pass secrets via environment variable but
> it's nothing unusual, and many programs offer this interface. OpenVPN
> comes to bind. Where such interface is offered, propagating down the
> process tree is usually not a concern, because such programs usually
> don't fork "untrusted" programs.
>
> It's quite handy way to pass secrets and as I said above, there's
> really no risk if it's done in cases where it makes sense. Of course
> systemd leaking it to everyone makes it not usable with systemd, but
> that's not really a problem with environment variables.
If you want some examples:
borgbackup - BORG_PASSPHRASE
restic - RESTIC_PASSWORD
openssl - env:var
rsync - RSYNC_PASSWORD
hub - GITHUB_PASSWORD, GITHUB_TOKEN
rclone - RCLONE_CONFIG_PASS
smbclient - PASSWD
Again, it's not so common, but it's not unusual and it's not insecure
if you know what you're doing (which you usually are when you have
powers to create system services).
More information about the systemd-devel
mailing list