|
|
|
|
|
|
by asqueella
612 days ago
|
|
|
Thanks, wouldn’t think of environment being shared via DBus: > Note that environment variables are not suitable for passing secrets (such as passwords, key material, …) to service processes. Environment variables set for a unit are exposed to unprivileged clients via D-Bus IPC, and generally not understood as being data that requires protection. > Moreover, environment variables are propagated down the process tree, including across security boundaries (such as setuid/setgid executables), and hence might leak to processes that should not have access to the secret data. |
|
|