On Sun, Mar 25, 2018 at 7:23 AM, Thomas Jollans <t...@tjol.eu> wrote: > On 24/03/18 20:41, Chris Angelico wrote: >> On Sun, Mar 25, 2018 at 4:24 AM, Peter J. Holzer <hjp-pyt...@hjp.at> wrote: >>> On 2018-03-23 11:50:52 -0700, Dan Stromberg wrote: >>>> I'd put them in a file with access to the daemon.. >>>> >>>> Putting credentials in an environment variable is insecure on Linux, >>>> because ps auxwwe lists environment variables. >>> >>> But only those of your own processes. So both methods are about equally >>> secure: If you can become the daemon user (or root), then you can read >>> the secret. >> >> If you can become the daemon user, you can do whatever the daemon user >> can. > > If you're using something like SELinux, I don't think that's > *necessarily* true (but I really don't know much about SELinux).
Me neither. Anyone here happen to know? > Normally, though, I should think that protecting the secret with user > isolation (e.g. by putting it into a file with the right permissions) > should be fine. > > Environment variables should be fine too, but really this just moves the > problem up one level: where does the parent process get the secret when > it sets up the environment? A common situation is that the secret is owned by *root*, not the daemon process's user. So the parent process, running as root, reads the secret into memory, then forks, drops privileges, and exec's to the daemon with the secret in the environment. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
