[cap-talk] Don't put capabilities in argv?

zooko zooko at zooko.com
Sat Jul 12 17:01:28 CDT 2008


Here is a copy of my post about this to tahoe-dev:

http://allmydata.org/pipermail/tahoe-dev/2008-July/000673.html

Folks:

Argh.  This is a significant issue for the Tahoe CLI.  I don't like
it, because capabilities are really useful to use as the identifiers
for things, and identifiers for things are really useful to use as
command-line arguments for your commands, but Kevin Reid correctly
points out that your command-line arguments are exposed to all other
users on your unix system.

Argh.

I guess this means that the "aliases" in the tahoe CLI, which we were
already supporting for convenience reasons, now need to become the
only way to refer to capabilities in your command-line.

It also means that we need to add this security issue to the known
issues file [1] and update the CLI.txt docs [2] to not encourage
people to use caps on the command-line.

Argh.  Stupid unix.

Regards,

Zooko

[1] http://allmydata.org/trac/tahoe/browser/docs/known_issues.txt
[2] http://allmydata.org/trac/tahoe/browser/docs/CLI.txt
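
The alias approach described in the post, as an added sketch that is not part of the original message and not Tahoe's own code: the capability is read from a file only its owner can access, so argv carries just the alias name, and a raw cap passed in argv is refused. The `name: cap` file layout, the `URI:` prefix test and the function names are assumptions of this sketch.

```python
import os
import re
import stat
import tempfile

# Assumed shape of a capability string for this sketch; not taken from the post.
CAP_RE = re.compile(r"^URI:[A-Za-z0-9-]+:")

def load_aliases(path):
    """Read 'name: cap' lines, but only from a file closed to group/other."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to group/other (mode {mode:o})")
    aliases = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            name, _, cap = line.partition(":")
            aliases[name.strip()] = cap.strip()
    return aliases

def resolve_arg(arg, aliases):
    """Map an 'alias:path' argv value to (cap, path); reject raw caps in argv."""
    if CAP_RE.match(arg):
        raise ValueError("capability passed in argv; use an alias instead")
    name, sep, path = arg.partition(":")
    if not sep or name not in aliases:
        raise KeyError(f"unknown alias in {arg!r}")
    return aliases[name], path

def demo():
    # Constructed sample: the cap below is a made-up placeholder, not a real one.
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "aliases")
        with open(p, "w", encoding="utf-8") as fh:
            fh.write("work: URI:DIR2:placeholder-writekey:placeholder-fingerprint\n")
        os.chmod(p, 0o600)  # owner-only, so load_aliases accepts it
        return resolve_arg("work:notes/todo.txt", load_aliases(p))

if __name__ == "__main__":
    cap, path = demo()
    # Print only the length: the cap itself should not reach a terminal or log.
    print("resolved alias to a cap of length", len(cap), "and path", path)
```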


