[systemd-devel] Environment-variable security?

David Parsley parsley at linuxjedi.org
Wed Nov 14 13:45:25 UTC 2018


On Wed, Nov 14, 2018 at 3:43 AM Lennart Poettering <lennart at poettering.net>
wrote:

> I mean, seriously, people do lots of stuff. It doesn't mean that all
> what people do is actually a good idea or just safe.
>

Certainly agreed on this point. It is my belief, however, that system
software, where possible, should implement controls to head off security
mistakes of this kind made by those people - like me. Right now I think
systemd doesn't go far enough - I was lucky that I saw that warning in the
logs, and the contents of my unit file were insecure when I thought it was
secured by file permissions. I still believe systemd should refuse to start
the service to draw attention to this error in thinking, and that the log
entry should probably reference the doc where the not-uncommon practice of
putting secrets in environment variables is discouraged - certainly with
systemd-managed services.

The practice will continue, however; TravisCI, CircleCI, and my own
GopherCI all have mechanisms for providing e.g. a GITHUB_PASSWORD
environment variable for automated build publishing. No shock that a DevOps
engineer might make the mistake of applying the same principle with systemd.

Regards,
-David