The page at: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Environment says:
Environment variables set for a unit are exposed to unprivileged clients via D-Bus IPC [...]
I don't have much experience with stuff as low-level as buses, so I'd hugely appreciate someone providing more details (or even a PoC) on this. Specific questions:
- Does this apply to environment variables passed via systemd only, or any process' environment variables?
- Is this attack possible with standard server access, as any other non-privileged user? Does one need to compile an 'exploit' into a binary, or can existing system binaries be used for this? (I found only C examples, nothing e.g. in Bash.)
- If it really is possible for any non-privileged process to read any other's env vars, how is this not a bigger deal? Why then are env vars considered the 'secure option' in most any context?