Today I learned that unprivileged users can run "systemctl show servicename" to see all the environment variables set in the .service file.

This means if someone sets their AWS_SECRET_ACCESS_KEY in there (or any other secret), it can be read by an attacker even if they don't have read privileges to read the .service file.

For defenders, use EnvironmentFile= instead of Environment= and as long as your environment file has the correct privileges, you will be fine on this front.

systemd and its consequences have been a disaster for the human race


I don't like Systemd but I find it hard to find a distro for desktop/laptop that is not Systemd as I find many of my options there to be a PITA to work with.


Devuan is supposedly Debian without systemd


Can't say I was a fan of the installer for Deuvan. If I had more patience Artix would be perfect. MX Linux was closest to grabbing me if that counts.

Sign in to participate in the conversation

"pissed everyone off in literally record time" - Recommended by 10 out of 10 people who, for some sad reason, have a dedicated column up to watch #fediblock.