Comment 1 for bug 2058749
Revision history for this message
| Julia Kreger (juliaashleykreger) wrote Re: IPMI credential exposure | #1 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0f7b58d
(Get the code!)
I suspect this is a case where a patch would be welcome to change the default mode of operation for that.
But that being said, we're just trading a risk off here.
For example, a restricted file for a service in a container can be harder to get to, but then any administrative user for a conductor could then also pull the environment variables from the system.
The risk fundamentally seems the same, and in either case other users should not be present on the system where a conductor service operates.