[systemd-devel] Credentials: what I am doing wrong?

Tomasz Pala gotar at polanet.pl
Sat Jul 13 11:34:52 UTC 2024


On Wed, Jul 10, 2024 at 18:27:43 +0200, Kamil Jońca wrote:

> [...]
> Nothing? So should I understand that other services will see service
> credentials?

Both your services are run by root - why wouldn't you expect the creds
to be visible?

OTOH I see no reason for them to _be_ accessible this (direct file
access) way - therefore it seems suitable and good practice for
/run/credentials/<service> to be privately mounted by default.

This won't change anything for root (nsenter), but might help with
non-root service isolation. And prevent anyone from abusing this path.
And maybe limit some other attack vectors...

Yet this was apparently already considered and made as an aware decision of Lennart:

https://github.com/systemd/systemd/issues/15778#issuecomment-626893671

although I don't find this reasoning convincing - at least without some
ProtectCredentials knob (entire Protect* family might "break" gracefully
in the same manner).

-- 
Tomasz Pala <gotar at pld-linux.org>

