[cap-talk] Don't put capabilities in argv?

Dean Tribble tribble at e-dean.com
Sat Jul 12 20:10:52 CDT 2008


On Sat, Jul 12, 2008 at 5:14 PM, Kevin Reid <kpreid at mac.com> wrote:
> On Jul 12, 2008, at 17:43, Kevin Reid wrote:
>
>> AFAIK, typical unix systems reveal command-line arguments of all
>> processes to all users.
...
> * The simplest safe-by-default mechanism I can think of is to read the
> capability from a file whose name is passed on the command line.

I was also going to suggest that (since it's what CapDesk does).
Programs don't pass capabilities this way; they use some other
architecture, but they store them and make them available and/or
persistent for users this way.

You could also follow the pattern in the "what if files were
objects" examples and use "command < cap" to get the capabilities over
a stream.
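
The two delivery paths discussed in this thread (a file named on the command line, and "command < cap"), sketched as an added example that is not part of the original post and is not CapDesk's code. The function names, the refusal of group- or world-accessible files, and the sample capability string are assumptions made for illustration.

```python
import os
import stat
import sys
import tempfile

def read_capability(stream):
    """Read a capability from an open stream, refusing files other users can access."""
    st = os.fstat(stream.fileno())
    # A pipe has no mode bits worth checking; a regular file is only as private as its mode.
    if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("capability file is accessible to group or other")
    cap = stream.read().strip()
    if not cap:
        raise ValueError("no capability supplied")
    return cap

def load_capability(argv, stdin=None):
    """argv carries at most a file name, never the capability itself."""
    if len(argv) > 1:
        # O_NOFOLLOW: do not follow a symlink placed at the final path component.
        fd = os.open(argv[1], os.O_RDONLY | os.O_NOFOLLOW)
        with os.fdopen(fd) as f:
            return read_capability(f)
    return read_capability(stdin if stdin is not None else sys.stdin)

def demo():
    """Exercise both delivery paths with a constructed capability in a temp file."""
    cap = "cap://example.invalid/constructed-sample-token"  # constructed value
    fd, path = tempfile.mkstemp()  # mkstemp creates the file with mode 0600
    try:
        with os.fdopen(fd, "w") as f:
            f.write(cap + "\n")
        via_file = load_capability(["prog", path])  # prog capfile
        with open(path) as redirected:
            via_stdin = load_capability(["prog"], redirected)  # prog < capfile
        os.chmod(path, 0o644)  # now world-readable: must be rejected
        try:
            load_capability(["prog", path])
            rejected = False
        except PermissionError:
            rejected = True
        return via_file == cap, via_stdin == cap, rejected
    finally:
        os.unlink(path)

if __name__ == "__main__":
    print(demo())
```

In both cases the process listing shows only the program name and, at most, a file path; the capability itself never appears in argv.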

