| ▲ | I prefer to pass secrets between programs through standard input(utcc.utoronto.ca) |
| 61 points by ingve 2 days ago | 28 comments |
| |
|
| ▲ | kevin_thibedeau 2 days ago | parent | next [-] |
| > Unfortunately you're using a browser (or client library) that my anti-crawler precautions consider suspicious because it's sending inconsistent values for Sec-CH-UA-* HTTP request headers... The world doesn't exclusively use Chrome. Nice to see even the nerds are contributing to the closed web. |
| |
| ▲ | Alex-Programs a day ago | parent | next [-] | | It's also moaning about me coming from a datacentre IP (proxy) with some vague complaints about load introduced by AI crawlers. I think this guy treats "protecting" his site as a hobby. | |
| ▲ | edwcross a day ago | parent | prev | next [-] | | I'm using Firefox and didn't see that message. | | |
| ▲ | swiftcoder a day ago | parent [-] | | Nor on Safari. I wonder what exotic browser the parent is using? | | |
| ▲ | ErroneousBosh a day ago | parent [-] | | Doesn't appear to be Firefox, Chrome, Chromium, Edge, or Falkon on Linux, doesn't appear to be Falkon on Haiku. I also wonder what they're using and where can I get some so I can break stuff too? | | |
|
| |
| ▲ | 7e a day ago | parent | prev | next [-] | | Not working well with something that doesn't conform to the WICG User-Agent Client Hints specification is an interesting definition of "closed." More like, "I have standards." And it's hardly closed if you can get the information by using literally almost any other client. | |
| ▲ | efilife a day ago | parent | prev | next [-] | | I am on ungoogled chromium and I see this | |
| ▲ | mhitza a day ago | parent | prev | next [-] | | Also site is not accessible via Mullvad VPN. | | |
| ▲ | figmert a day ago | parent | next [-] | | I am on Mullvad (at the router), and I am able to connect. | | | |
| ▲ | zxcvasd a day ago | parent | prev [-] | | i am on mullvad and accessing it fine. if you are on one of the default exit nodes, try switching it. i find the default nodes get blocked by a lot of sites, likely due to malicious behavior of other users. |
| |
| ▲ | a day ago | parent | prev | next [-] | | [deleted] | |
| ▲ | zxcvasd a day ago | parent | prev [-] | | [dead] |
|
|
| ▲ | azornathogron a day ago | parent | prev | next [-] |
| For one of my projects my server needs a private key, and it reads this from a file descriptor on startup and then closes the fd. The fd is set up by the systemd unit, which is also configured to restrict filesystem access for the server. So the server reads a key from a file that is never visible in its mount namespace. |
| |
| ▲ | computerfriend a day ago | parent | next [-] | | I do something similar with LoadCredential and it is quite amazing, especially when you want to run the application as a dynamic user. | |
| ▲ | infogulch a day ago | parent | prev [-] | | If you keep the fd open maybe you could read refreshed secrets through it for live secret rotation. |
|
|
| ▲ | juancn a day ago | parent | prev | next [-] |
| I used to do that, I had a sort of IDE that launched a local server, bound to localhost. The launching process would send a random password through stdin to the child after launch, and the child would use that to authenticate the further RPC calls. It's surprisingly hard to intercept a process' stdin stream. |
|
| ▲ | Dwedit 2 days ago | parent | prev | next [-] |
| I haven't actually tested this, but aren't the input and output handles exposed on /proc/? What's stopping another process from seeing everything? |
| |
| ▲ | Lex-2008 a day ago | parent | next [-] | | not a Linux expert, but I believe that at the very least it's time sensitive: after consumer process reads it, it's gone from the pipe. Unlike env vars and cli argument that stay there. | |
| ▲ | trashb a day ago | parent | prev | next [-] | | Yes pipes are exposed /proc/$pid/fd/$thePipeFd with user permissions [0]. Additionally command line parameters are always readable /proc/$YOUR_PROCESS_PID/cmdline [1] There are workarounds but it's fragile. You may accept the risks and in that case it can work for you but I wouldn't recommend it for "general security". Seems it wouldn't be considered secure if everyone did it this way, therefore is it security through obscurity? [0] https://unix.stackexchange.com/questions/156859/is-the-data-... [1] https://stackoverflow.com/questions/3830823/hiding-secret-fr... | |
| ▲ | Tajnymag a day ago | parent | prev [-] | | I guess the kernel is stopping that. I don't think permission wise you'd have the privileges to read someone else's stdin/out. |
|
|
| ▲ | pvtmert a day ago | parent | prev | next [-] |
| Interesting approach. I like Docker/Kubernetes way of secret mounts where you can limit user/group permissions too. Meanwhile, I was an avid user of the echo secret | ssh consume approach, specifically for the kerberos authentication. In my workflow, I saved the kerberos password to the macOS keychain, where kinit --use-keychain authenticated me seamlessly. However this wasn't the case for remote machines. Therefore, I have implemented a quick script that is essentially security find-generic-password -a "kerberos" -s "kerberos-password" -w | ssh user@host kinit user@REALM
Which served me really good for the last 4~years. |
|
| ▲ | blibble a day ago | parent | prev | next [-] |
| linux has a key api that works pretty well man keyctl |
|
| ▲ | Spivak a day ago | parent | prev | next [-] |
| For your actual production systems you might consider systemd-creds along with the LoadCredential= and LoadCredentialEncrypted= directives which do the* right thing. Nothing is exposed and credentials are placed in non-swappable memory. You can even have your credentials encrypted at rest with your system's TPM. * Well, one of the correct ways of doing this. |
|
| ▲ | stale-labs a day ago | parent | prev [-] |
| [flagged] |
| |
| ▲ | reliefcrew a day ago | parent [-] | | > The main practical win is that cmd args show up in `ps aux` for anyone on the system to see, whereas stdin keeps it off that list. For those interested, re-mounting /proc with hidepid can prevent this: `mount -o remount,rw,hidepid=2 /proc`
|
|
