[cap-talk] Don't put capabilities in argv?
kpreid at mac.com
Sat Jul 12 16:43:50 CDT 2008
AFAIK, typical unix systems reveal command-line arguments of all
processes to all users.
This implies that (except on a machine where you don't use unix users
for isolation) password capabilities should not be passed as
arguments; also that using command-line tools with a password-cap file
system such as MinorFs or Tahoe is unsafe.
Has this been noticed before? Are there ways to eliminate the problem?
Kevin Reid <http://homepage.mac.com/kpreid/>
More information about the cap-talk