On Wed, 2023-07-26 at 14:02 +0200, Enrico Scholz via lists.openembedded.org wrote: > Alexander Kanavin <alex.kana...@gmail.com> writes: > > > > Else, there are sometimes not many ways to work without them. > > > E.g. SSTATE_MIRRORS has contain the secret token because it is > > > used directly by bitbake; perhaps I could use a wget wrapper and > > > write a custom curl python class... > > > > Yes, the secret needs to be in a file (or other access-controlled > > facility), and read from it by the process that needs it, and only > > directly prior to using it. Having it in a bitbake variable which gets > > passed through a million tasks and components > > Where is the problem? I known only one component > (rootfs-postcommands.bbclass) which dumps the whole environment and > leaks it. > > Else, when there is a malicious component that wants to steal secrets > from a bitbake variable, what would stop it from reading the secret from > a file? > > Your suggestion (write secrets in files instead of bitbake variables) > does not improve security but causes only extra work.
It does improve security since there is an extra step to get the data and you can more easily audit when that data is accessed or present. I'd also note that there are patches under review to change rootfs- postcommands to only export a known list of variables for other reasons so this problem should go away when we get that patch merged. Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#184882): https://lists.openembedded.org/g/openembedded-core/message/184882 Mute This Topic: https://lists.openembedded.org/mt/100368202/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
