Lennart Poettering píše v Pá 30. 11. 2018 v 14:53 +0100: > On Fr, 30.11.18 14:25, Marek Howard (marekhwd@xxxxxxxxx) wrote: > > > - Lennart keeps repeating that passing secrets via environment variable > > is insecure because they are passed down the process tree. They are, if > > you choose so in execve(), they are also readable by other processes > > running under same user from /proc/$PID/environ just like your > > ~/.bashrc or ~/.netrc. (Don't even start telling me that ~/.netrc is > > insecure please. Of course it is once you let other users read it.) > > Well, they are propagated down the process tree *by default*. That's > the problem. Almost nothing in this world sanitizes env vars. su/sudo > do, but everything passes them on, including across suid/sgid/fcaps > priv boundaries. > > So, it doesn't matter if you *can* suppress them. Fact is that they > generally are *not* suppressed, and you can stick your head in the > sand as much as you like, but that's not going to change. I understand, but that's by design and there's nothing wrong with that. It's even useful for the case where you want wrap a thing with a script. I still don't understand why this is a problem. If a program expects a secret being passed via environment variable, you don't expect this program to spawn an executable which can do malicious execution (e.g. that could be controlled by network) and if it really does, then that's a bug in the program and reading a password from an environment variable is least severe of the problems that come from it. _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: Environment-variable security?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Environment-variable security?
- From: Marek Howard <marekhwd@xxxxxxxxx>
- Date: Fri, 30 Nov 2018 17:04:39 +0100
- Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx
- In-reply-to: <20181130135357.GA30408@gardel-login>
- References: <CA+WeKeyKHb2dm8=HZc7h=tTwy7M_seoNGSSY_+zcN_bErXasKg@mail.gmail.com> <CADByNOO79JVYeVk6u3jcxqrjWDjvsrMbXKQt0vt_gmQeqnJ1tQ@mail.gmail.com> <20181113101822.GB28345@gardel-login> <CA+WeKeyV82GM-QO66dZ76qDEQdTR=yFGw7cGFakSPb+oTfinEQ@mail.gmail.com> <20181113141719.GA28759@gardel-login> <815b2fad382fd1faec48267c71bef331de175618.camel@gmail.com> <9634dbfdb4a29eb4881c33a4c4790f94d7be46c8.camel@gmail.com> <20181114084322.GA29898@gardel-login> <CA+WeKexvJnwOgn13MNZCY1HMk_cx8_NkuCrm5F4KT-6rQYsh4g@mail.gmail.com> <d6e0980422f7c114fd17789b02d61c408fc71f2f.camel@gmail.com> <20181130135357.GA30408@gardel-login>
- User-agent: Evolution 3.31.2
- Follow-Ups:
- Re: Environment-variable security?
- From: Lennart Poettering
- Re: Environment-variable security?
- References:
- Environment-variable security?
- From: David Parsley
- Re: Environment-variable security?
- From: aleivag
- Re: Environment-variable security?
- From: Lennart Poettering
- Re: Environment-variable security?
- From: David Parsley
- Re: Environment-variable security?
- From: Lennart Poettering
- Re: Environment-variable security?
- From: Marek Howard
- Re: Environment-variable security?
- From: Marek Howard
- Re: Environment-variable security?
- From: Lennart Poettering
- Re: Environment-variable security?
- From: David Parsley
- Re: Environment-variable security?
- From: Marek Howard
- Re: Environment-variable security?
- From: Lennart Poettering
- Environment-variable security?
- Prev by Date: Re: Environment-variable security?
- Next by Date: Re: Environment-variable security?
- Previous by thread: Re: Environment-variable security?
- Next by thread: Re: Environment-variable security?
- Index(es):
 |