From: Lennart Poettering Date: Tue, 13 Nov 2018 22:09:32 +0000 (+0100) Subject: man: document that env vars are not suitable for passing secrets X-Git-Tag: v240~333 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=438311a5181ccf6e12a6a0a976bb8b5853b9be12;p=thirdparty%2Fsystemd.git man: document that env vars are not suitable for passing secrets Prompted by the thread around: https://lists.freedesktop.org/archives/systemd-devel/2018-November/041665.html --- diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 3f0535726be..41b5d7144de 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -1645,7 +1645,13 @@ SystemCallErrorNumber=EPERM See environ7 for details - about environment variables. + about environment variables. + + Note that environment variables are not suitable for passing secrets (such as passwords, key material, …) + to service processes. Environment variables set for a unit are exposed to unprivileged clients via D-Bus IPC, + and generally not understood as being data that requires protection. Moreover, environment variables are + propagated down the process tree, including across security boundaries (such as setuid/setgid executables), and + hence might leak to processes that should not have access to the secret data.