[systemd-devel] Environment-variable security?
Reindl Harald
h.reindl at thelounge.net
Wed Nov 14 01:20:26 UTC 2018
Am 14.11.18 um 02:17 schrieb Marek Howard:
>> It's quite handy way to pass secrets and as I said above, there's
>> really no risk if it's done in cases where it makes sense. Of course
>> systemd leaking it to everyone makes it not usable with systemd, but
>> that's not really a problem with environment variables.
>
> If you want some examples:
>
> borgbackup - BORG_PASSPHRASE
> restic - RESTIC_PASSWORD
> openssl - env:var
> rsync - RSYNC_PASSWORD
> hub - GITHUB_PASSWORD, GITHUB_TOKEN
> rclone - RCLONE_CONFIG_PASS
> smbclient - PASSWD
makes it not better
> Again, it's not so common, but it's not unusual and it's not insecure
> if you know what you're doing (which you usually are when you have
> powers to create system services)
don't get me wrong, but with systemd a trained monkey can write a system
service in whatever scripting language he wants
* type=simple
* <?php while(true){serviceloop}?>
* done
More information about the systemd-devel
mailing list