On Wed, Nov 14, 2018 at 3:43 AM Lennart Poettering <[email protected]> wrote:
> I mean, seriously, people do lots of stuff. It doesn't mean that all
> what people do is actually a good idea or just safe.
>

Certainly agreed on this point. It is my belief, however, that system software, where possible, should implement controls to head off security mistakes of this kind made by those people - like me.

Right now I think systemd doesn't go far enough - I was lucky that I saw that warning in the logs, and the contents of my unit file were insecure when I thought it was secured by file permissions. I still believe systemd should refuse to start the service to draw attention to this error in thinking, and that the log entry should probably reference the doc where the not-uncommon practice of putting secrets in environment variables is discouraged - certainly with systemd-managed services.

The practice will continue, however; TravisCI, CircleCI, and my own GopherCI all have mechanisms for providing e.g. a GITHUB_PASSWORD environment variable for automated build publishing. No shock that a DevOps engineer might make the mistake of applying the same principle with systemd.

Regards,

-David
_______________________________________________
systemd-devel mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
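Added example (not part of the message above and not systemd code): a small lint that flags secret-looking variable names in `Environment=` lines of a unit file, the mistake the message describes. The name pattern, the function name `find_env_secrets` and the sample unit are assumptions constructed for this illustration, and `shlex` only approximates the unit-file quoting rules.

```python
import re
import shlex

# Name fragments treated as secret-like; a heuristic chosen for this example.
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)

# Constructed sample unit file; the values are placeholders, not real credentials.
SAMPLE_UNIT = """\
[Unit]
Description=Constructed sample for this example

[Service]
ExecStart=/usr/local/bin/publisher
Environment=LANG=C GITHUB_PASSWORD=not-a-real-value
Environment="BUILD_NOTE=nightly run" 'DEPLOY_TOKEN=placeholder'
# Environment=OLD_SECRET=commented-out
"""

def find_env_secrets(unit_text):
    """Return (line_no, variable_name) for each secret-looking Environment= assignment."""
    findings = []
    for line_no, raw in enumerate(unit_text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks and comment lines (unit files accept '#' and ';').
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "Environment":
            continue
        # One Environment= line may carry several VAR=value words, optionally quoted.
        try:
            words = shlex.split(value)
        except ValueError:
            # Unbalanced quotes: fall back to whitespace splitting so the line is still checked.
            words = value.split()
        for word in words:
            name = word.partition("=")[0].strip("\"'")
            if SECRET_NAME.search(name):
                findings.append((line_no, name))
    return findings

if __name__ == "__main__":
    for line_no, name in find_env_secrets(SAMPLE_UNIT):
        print(f"line {line_no}: {name} is set via Environment= in the unit file")
```
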
