kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 29 Pull Requests 2 Projects 2 Activity

Don't let every user read the environment variables in Systemd units? #38

New Issue
Closed
opened 2019-04-23 12:57:20 +00:00 by greg · 3 comments
greg commented 2019-04-23 12:57:20 +00:00
Owner
Copy Link

We started discussing it in #37

I thought making the unit files not world readable is enough, let's find a good solution and use it everywhere

We started discussing it in #37 I thought making the unit files not world readable is enough, let's find a good solution and use it everywhere
raucao commented 2019-04-23 13:12:48 +00:00
Owner
Copy Link

From kosmos-dev@chat.kosmos.org:

Note that environment variables are not suitable for passing secrets (such as passwords, key material, …) to service processes. Environment variables set for a unit are exposed to unprivileged clients via D-Bus IPC, and generally not understood as being data that requires protection. Moreover, environment variables are propagated down the process tree, including across security boundaries (such as setuid/setgid executables), and hence might leak to processes that should not have access to the secret data.

https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Environment=

From `kosmos-dev@chat.kosmos.org`: > Note that environment variables are not suitable for passing secrets (such as passwords, key material, …) to service processes. Environment variables set for a unit are exposed to unprivileged clients via D-Bus IPC, and generally not understood as being data that requires protection. Moreover, environment variables are propagated down the process tree, including across security boundaries (such as setuid/setgid executables), and hence might leak to processes that should not have access to the secret data. https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Environment=
raucao added the
security
question
 labels 2020-08-30 12:24:05 +00:00
raucao commented 2020-11-05 10:06:04 +00:00
Owner
Copy Link

Another post on the topic:

https://movingfast.io/articles/environment-variables-considered-harmful/

The gist is to just use local config files that aren't loaded into ENV vars.

Another post on the topic: https://movingfast.io/articles/environment-variables-considered-harmful/ The gist is to just use local config files that aren't loaded into ENV vars.
raucao commented 2023-03-30 09:28:45 +00:00
Owner
Copy Link

Closing in favor of assessing the situation use case by use case.

Closing in favor of assessing the situation use case by use case.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
service
accounts
Kosmos Accounts
service
discourse
Kosmos Community Forums
service
drone-ci
Kosmos Drone CI
service
email
mail.kosmos.org
service
garage
S3-compatible object storage
service
gitea
Kosmos Gitea
service
ipfs
Kosmos IPFS
service
mastodon
kosmos.social
service
postgres
Database cluster
service
remotestorage
Portable data storage for the Web
service
wiki
Kosmos Wiki
service
xmpp
Kosmos Chat
bug
Something is not working
design
Graphic/visual design
dev environment
Config, builds, CI, deployment, etc.
docs
Documentation
duplicate
This issue or pull request already exists
enhancement
Improving existing functionality
feature
New functionality
good first issue
Dive in, and start contributing
idea
Something to consider
invalid
Not a bug
kredits-1
Small contribution
kredits-2
Medium contribution
kredits-3
Large contribution
on hold
Currently not actionable
ops
Manual IT ops activities
question
Looking for an answer
release
major
release
minor
release
patch
security
All your base are belong to us
ui/ux
User interface, process design, etc.
wontfix
This won't be fixed
No Label
question
security
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
bkero bumi fsmanuel galfert greg hueso raucao slvrbckt
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: kosmos/chef#38
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?