[cap-talk] Don't put capabilities in argv?

[Kevin Reid]

AFAIK, typical unix systems reveal command-line arguments of all  
processes to all users.

This implies that (except on a machine where you don't use unix users  
for isolation) password capabilities should not be passed as  
arguments; also that using command-line tools with a password-cap file  
system such as MinorFs or Tahoe is unsafe.

Has this been noticed before? Are there ways to eliminate the problem?

-- 
Kevin Reid                            <http://homepage.mac.com/kpreid/>