On Wed, Nov 14, 2018 at 3:43 AM Lennart Poettering <lennart@xxxxxxxxxxxxxx> wrote:
I mean, seriously, people do lots of stuff. It doesn't mean that all
what people do is actually a good idea or just safe.
Certainly agreed on this point. It is my belief, however, that system software, where possible, should implement controls to head-off security mistakes of this kind made by those people - like me. Right now I think systemd doesn't go far enough - I was lucky that I saw that warning in the logs, and the contents of my unit file were insecure when I thought it was secured by file permissions. I still believe systemd should refuse to start the service to draw attention to this error in thinking, and that the log entry should probably reference the doc where the not-uncommon practice of putting secrets in environment variables is discouraged - certainly with systemd managed services.
The practice will continue, however; TravisCI, CircleCI, and my own GopherCI all have mechanisms for providing e.g a GITHUB_PASSWORD environment variable for automated build publishing. No shock that a DevOps engineer might make the mistake of applying the same principle with systemd.
Regards,
-David
_______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
