[cap-talk] Don't put capabilities in argv?
zooko at zooko.com
Sat Jul 12 17:01:28 CDT 2008
Here is a copy of my post about this to tahoe-dev:

Argh. This is a significant issue for the Tahoe CLI. I don't like
it, because capabilities are really useful to use as the identifiers
for things, and identifiers for things are really useful to use as
command-line arguments for your commands, but Kevin Reid correctly
points out that your command-line arguments are exposed to all other
users on your unix system.

I guess this means that the "aliases" in the tahoe CLI, which we were
already supporting for convenience reasons, now need to become the
only way to refer to capabilities in your command-line.

It also means that we need to add this security issue to the known
issues file and update the CLI.txt docs to not encourage
people to use caps on the command-line.

Argh. Stupid unix.
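Added example, not part of the original post and not Tahoe's own code: a Linux-only sketch of the exposure described above (a child's argv read back from /proc, as ps does) next to an alias lookup that keeps the cap in an owner-only file. The cap value, the "URI:" prefix check, the "name: cap" file format and all function names are assumptions made for the illustration.

```python
import os, stat, subprocess, sys, tempfile

FAKE_CAP = "URI:DIR2:constructed-example-cap"  # constructed placeholder, not a real cap

def visible_argv(pid):
    """Read a process's argv from /proc, as ps(1) does for any local user (Linux)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [a.decode() for a in f.read().split(b"\0") if a]

def run_and_observe(args):
    """Start a sleeping child with `args` appended and return its visible argv."""
    child = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(5)", *args])
    try:
        return visible_argv(child.pid)
    finally:
        child.kill()
        child.wait()

def load_aliases(path):
    """Parse 'name: cap' lines, refusing a file that group or others can access."""
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        raise PermissionError(f"{path} is accessible to other users")
    aliases = {}
    with open(path) as f:
        for line in f:
            name, sep, cap = line.partition(":")
            if sep and cap.strip():
                aliases[name.strip()] = cap.strip()
    return aliases

def resolve(arg, aliases):
    """Map an 'alias:' argument to its cap; reject a raw cap passed in argv."""
    if arg.startswith("URI:"):
        raise ValueError("raw capability on the command line; use an alias")
    return aliases[arg.partition(":")[0]]

def demo():
    leaked = run_and_observe(["ls", FAKE_CAP])   # cap passed directly in argv
    safe = run_and_observe(["ls", "work:"])      # only the alias name in argv
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "aliases")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as f:
            f.write(f"work: {FAKE_CAP}\n")
        cap = resolve("work:", load_aliases(path))
    return leaked, safe, cap

if __name__ == "__main__":
    print(demo())
```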