[systemd-devel] Credentials: what I am doing wrong?
Tomasz Pala
gotar at polanet.pl
Sat Jul 13 11:34:52 UTC 2024
On Wed, Jul 10, 2024 at 18:27:43 +0200, Kamil Jońca wrote:
> [...]
> Nothing? So should I understand that other services will see service
> credentials?
Both your services are run by root - why wouldn't you expect the creds
to be visible?
OTOH I see no reason for them to _be_ accessible this (direct file
access) way - therefore it seems suitable and good practice for
/run/credentials/<service> to be privately mounted by default.
This won't change anything for root (nsenter), but might help with
non-root service isolation. And prevent anyone from abusing this path.
And maybe limit some other attack vectors...
Yet this was apparently already considered and made as an aware decision by Lennart:
https://github.com/systemd/systemd/issues/15778#issuecomment-626893671
although I don't find this reasoning convincing - at least without some
ProtectCredentials knob (entire Protect* family might "break" gracefully
in the same manner).
--
Tomasz Pala <gotar at pld-linux.org>