On Wed, 14.11.18 02:17, Marek Howard (marekhwd@xxxxxxxxx) wrote:

> > It is not *that* common to pass secrets via environment variable but
> > it's nothing unusual, and many programs offer this interface. OpenVPN
> > comes to mind. Where such interface is offered, propagating down the
> > process tree is usually not a concern, because such programs usually
> > don't fork "untrusted" programs.

Well, what's "trusted" or "untrusted" is in the eye of the beholder, and
you never know what your libraries do in the background.

What is common or not is orthogonal to what is a good idea and what is
not.

> If you want some examples:
>
> borgbackup - BORG_PASSPHRASE
> restic - RESTIC_PASSWORD
> openssl - env:var
> rsync - RSYNC_PASSWORD
> hub - GITHUB_PASSWORD, GITHUB_TOKEN
> rclone - RCLONE_CONFIG_PASS
> smbclient - PASSWD

Well, if you look at those, at least some of them even take the password
from the command line (for example: smbclient). And as hopefully everyone
knows, any information included in the command line is readily visible to
everybody else (including unprivileged users) on the system with "ps".
And yes, tools doing that tend to overwrite it quickly after reading, but
that's still awfully racy.

I mean, seriously, people do lots of stuff. It doesn't mean that all that
people do is actually a good idea or just safe.

Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
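The two leakage paths discussed in this thread (a secret in the environment is inherited by every child the process spawns, and a secret in argv is readable by any local user through ps or /proc) can be checked on your own system with the following script. This is an added example, not code from the thread or from any of the tools listed above; the variable name EXAMPLE_PASSPHRASE and the secret value are constructed for the demo. It shows the naive inheritance, the mitigation of consuming the secret and scrubbing the environment before forking, the alternative of handing the secret to a child over a pipe, and a /proc-based check (Linux only; returns None elsewhere) for whether a command line exposes the value.

```python
"""Secrets in env/argv: where they leak, and two defensive patterns.

Constructed example. EXAMPLE_PASSPHRASE is a made-up variable name; it is
not the environment variable of any real tool.
"""
import os
import subprocess
import sys

SECRET_VAR = "EXAMPLE_PASSPHRASE"  # constructed name for this demo

# One-liner the children run: print the value of the variable named in argv[1].
_CHILD_ENV_PROBE = "import os, sys; print(os.environ.get(sys.argv[1], ''))"


def child_env_value(var: str, value: str) -> str:
    """Naive case: set `var` in our environment and spawn a child.
    Returns what the child sees (the secret is inherited unchanged)."""
    env = dict(os.environ, **{var: value})
    proc = subprocess.run(
        [sys.executable, "-c", _CHILD_ENV_PROBE, var],
        env=env, capture_output=True, text=True, check=True,
    )
    return proc.stdout.strip()


def child_env_value_scrubbed(var: str, value: str) -> str:
    """Mitigation: the parent reads the secret once, removes it from its own
    environment, and builds the child's environment without it.
    Returns what the child sees (expected: empty string)."""
    os.environ[var] = value            # simulate the secret arriving via the environment
    secret = os.environ.pop(var)       # consume it; it is no longer in our environ
    # `secret` would now be used (e.g. to derive a key) and then discarded.
    del secret
    env = {k: v for k, v in os.environ.items() if k != var}  # explicit, not inherited
    proc = subprocess.run(
        [sys.executable, "-c", _CHILD_ENV_PROBE, var],
        env=env, capture_output=True, text=True, check=True,
    )
    return proc.stdout.strip()


def secret_via_stdin(value: str) -> str:
    """Alternative channel: hand the secret to the child over a pipe, so it
    appears in neither argv nor the environment of any process."""
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.stdin.read().strip())"],
        input=value + "\n", capture_output=True, text=True, check=True,
    )
    return proc.stdout.strip()


def cmdline_of(pid: int):
    """Return the argv of a process as ps would show it, via /proc (Linux only).
    Returns None where /proc/<pid>/cmdline is not available."""
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as f:
            raw = f.read()
    except OSError:
        return None
    return [a.decode(errors="replace") for a in raw.split(b"\0") if a]


def argv_secret_exposure(value: str):
    """Start a child with the secret on its command line and check whether
    /proc exposes it. True = exposed, None = no /proc on this platform."""
    child = subprocess.Popen(
        [sys.executable, "-c", "import time; time.sleep(30)", "--password", value],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
    )
    try:
        argv = cmdline_of(child.pid)   # Popen returns only after the child has exec'd
    finally:
        child.kill()
        child.wait()
    if argv is None:
        return None
    return value in argv


if __name__ == "__main__":
    print("child inherits env secret:", child_env_value(SECRET_VAR, "demo-secret") == "demo-secret")
    print("child sees secret after scrub:", child_env_value_scrubbed(SECRET_VAR, "demo-secret") != "")
    print("secret delivered over pipe:", secret_via_stdin("demo-secret") == "demo-secret")
    print("argv secret visible in /proc:", argv_secret_exposure("demo-secret"))
```

The argv check reads /proc/<pid>/cmdline from the same user, but the file is world-readable, which is exactly why ps shows it to everyone; a tool overwriting its argv after start-up only narrows the window, it does not close it.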