man: document that env vars are not suitable for passing secrets
author Lennart Poettering <lennart@poettering.net>
Tue, 13 Nov 2018 22:09:32 +0000 (23:09 +0100)
committer Evgeny Vereshchagin <evvers@ya.ru>
Wed, 14 Nov 2018 06:12:49 +0000 (09:12 +0300)
Prompted by the thread around:

https://lists.freedesktop.org/archives/systemd-devel/2018-November/041665.html

man/systemd.exec.xml

index 3f05357..41b5d71 100644
@@ -1645,7 +1645,13 @@ SystemCallErrorNumber=EPERM</programlisting>
         <para>
         See <citerefentry
         project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> for details
-        about environment variables.</para></listitem>
+        about environment variables.</para>
+
+        <para>Note that environment variables are not suitable for passing secrets (such as passwords, key material, …)
+        to service processes. Environment variables set for a unit are exposed to unprivileged clients via D-Bus IPC,
+        and generally not understood as being data that requires protection. Moreover, environment variables are
+        propagated down the process tree, including across security boundaries (such as setuid/setgid executables), and
+        hence might leak to processes that should not have access to the secret data.</para></listitem>
       </varlistentry>
 
       <varlistentry>
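Review bot: The added paragraph tells readers what not to do but gives them nowhere to go; consider naming or cross-referencing a mechanism that is suitable for handing secrets to a service, even if only a pointer to a file-based approach, so the note is actionable rather than purely a warning. The sentence "generally not understood as being data that requires protection" is also vague about who does the not-understanding; stating concretely that any client able to query unit properties over D-Bus, as the preceding sentence already notes, will see these values in the clear would make the risk tangible. Finally, the caveat applies equally to every directive that feeds the environment block (EnvironmentFile=, PassEnvironment=), not only to the entry this listitem belongs to, so either place the note where it covers all of them or add a one-line cross-reference from the other entries.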