Today I learned that unprivileged users can run "systemctl show servicename" to see all the environment variables set in the .service file.

This means if someone sets their AWS_SECRET_ACCESS_KEY in there (or any other secret), it can be read by an attacker even if they don't have read privileges to read the .service file.

For defenders, use EnvironmentFile= instead of Environment= and as long as your environment file has the correct privileges, you will be fine on this front.
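A defender-side audit for the point made in the post above, as an added example that is not part of the original thread: it flags secret-looking names set inline with Environment= and EnvironmentFile= targets that are readable beyond their owner. The name pattern, the "no group/other bits" rule, the sample unit and the /etc/myapp/env path are assumptions made for illustration.

```python
import os
import re
import shlex
import stat

# Assumption: variable names matching this pattern are treated as secrets.
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|ACCESS_KEY", re.I)

# Constructed sample unit; the key value and the env file path are placeholders.
SAMPLE_UNIT = """\
[Service]
ExecStart=/usr/local/bin/myapp
Environment="AWS_SECRET_ACCESS_KEY=EXAMPLE-ONLY" LANG=C.UTF-8
EnvironmentFile=/etc/myapp/env
"""

def audit_unit(unit_text):
    """Return (kind, detail) findings for the text of one .service file."""
    findings = []
    for raw in unit_text.splitlines():
        line = raw.strip()
        if line.startswith("Environment="):
            # Environment= holds space-separated, optionally quoted VAR=value
            # items; shlex approximates systemd's quoting rules here.
            for item in shlex.split(line[len("Environment="):]):
                name = item.split("=", 1)[0]
                if SECRET_NAME.search(name):
                    findings.append(("inline-secret", name))
        elif line.startswith("EnvironmentFile="):
            # A leading "-" marks the file as optional; strip it to get the path.
            path = line[len("EnvironmentFile="):].strip().lstrip("-")
            try:
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except FileNotFoundError:
                continue  # nothing on disk to check
            # Assumption: any group/other permission bit is too permissive.
            if mode & 0o077:
                findings.append(("loose-envfile", f"{path} mode {mode:04o}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_unit(SAMPLE_UNIT):
        print(f"{kind}: {detail}")
```

Run it as the account that can read the unit files, feeding it each file's text. It looks only at names, never values, so findings can be logged without copying the secret.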

@adam
systemd and its consequences have been a disaster for the human race

@r000t

I don't like Systemd but I find it hard to find a distro for desktop/laptop that is not Systemd as I find many of my options there to be a PITA to work with.

@r000t

Can't say I was a fan of the installer for Devuan. If I had more patience, Artix would be perfect. MX Linux was closest to grabbing me if that counts.

LinuxRocks.Online