Today I learned that unprivileged users can run "systemctl show servicename" to see all the environment variables set in the .service file.

This means if someone sets their AWS_SECRET_ACCESS_KEY in there (or any other secret), it can be read by an attacker even if they don't have read privileges to read the .service file.

For defenders, use EnvironmentFile= instead of Environment= and as long as your environment file has the correct privileges, you will be fine on this front.

I didn't specifically mention it before, but the assumption here is that the attacker can run commands on your server as an unprivileged user. So they did something like exploit this: freeradical.zone/@thenewoil/10

The impact is that they may then be able to elevate privileges or pivot to other parts of the infrastructure using any secrets they find.
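An added example (not part of the original posts) of auditing for the issue described above: it flags secret-looking names set inline with Environment= and EnvironmentFile= targets that are readable beyond their owner. The function names, the name pattern, and the owner-only policy are assumptions of this example, and the unit text and key value are constructed.

```python
import os
import re
import shlex
import stat
import tempfile

# Assumed name heuristic for "looks like a secret"; tune for your environment.
SECRET_NAME = re.compile(r"SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)

def audit_unit(unit_text, unit_name="(unit)"):
    """Return findings for the text of one .service file."""
    findings = []
    for raw in unit_text.splitlines():
        # Comment and [Section] lines never produce either key matched below.
        key, _, value = (part.strip() for part in raw.partition("="))
        if key == "Environment":
            try:  # systemd quoting is shell-like: "A=b c" D=e
                tokens = shlex.split(value)
            except ValueError:
                tokens = value.split()
            for name in (t.partition("=")[0] for t in tokens):
                if SECRET_NAME.search(name):
                    findings.append(f"{unit_name}: {name} set inline via Environment=")
        elif key == "EnvironmentFile":
            path = value.lstrip("-")  # a leading "-" means "ignore if missing"
            try:
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError:
                continue  # missing or inaccessible: nothing to report here
            if mode & (stat.S_IRGRP | stat.S_IROTH):  # assumed policy: owner-only
                findings.append(f"{unit_name}: {path} has mode {mode:o}")
    return findings

def demo():
    """Constructed sample: an inline secret plus a world-readable env file."""
    with tempfile.TemporaryDirectory() as tmp:
        env_path = os.path.join(tmp, "app.env")
        with open(env_path, "w") as f:
            f.write("AWS_SECRET_ACCESS_KEY=EXAMPLE-NOT-A-REAL-KEY\n")
        os.chmod(env_path, 0o644)
        unit = (
            "[Service]\n"
            'Environment="AWS_SECRET_ACCESS_KEY=EXAMPLE-NOT-A-REAL-KEY" LOG_LEVEL=info\n'
            f"EnvironmentFile=-{env_path}\n"
        )
        return audit_unit(unit, "example.service")

if __name__ == "__main__":
    print("\n".join(demo()))
```

To use it on a real host, pass each unit file's contents to audit_unit from an account that can read the unit files.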
