[cap-talk] [tahoe-dev] Fwd: Don't put capabilities in argv?

zooko zooko at zooko.com
Sat Jul 12 20:59:55 CDT 2008


[adding Cc: cap-talk; As an admin of tahoe-dev, I have just added all  
known
cap-talk subscribers to the automatic-accept list for tahoe-dev, so  
if you are
reading this on cap-talk and you reply to both lists your reply will  
go through
to tahoe-dev.  On the other hand if you are reading this on tahoe-dev  
and you
reply to both lists your reply will probably not go through to cap- 
talk unless
you first subscribe to cap-talk.]


On Jul 12, 2008, at 16:18 PM, Ben Hyde wrote:

 > The usual work around is to overwrite your argv.  In fact some  
people enjoy
 > displaying process status that
 > way. <http://cr.yp.to/daemontools/readproctitle.html

Thanks for the suggestion, Ben.  That suggestion and others are now  
being
discussed on the cap-talk mailing list [1].

David Wagner suggested what you suggested, and Kevin Reid's reply  
(which is what
I was thinking, too) was:

while true; do ps axww | grep cap: >> gathered done

Kevin also gave various arguments why leaking your authority to  
everyone who can
run ps on your operating system might not always be a show-stopper.

But I guess I'll probably get comfortable with having all caps on the  
tahoe
command-line represented by their aliases instead of by the actual  
capability.
I really like the Python motto: "There is only one way to do it.", so  
I'm
inclined to try to make the aliases mechanism good enough for most  
purposes and
deprecate the caps-on-the-command-line mechanism entirely.

Regards,

Zooko

[1] http://www.eros-os.org/pipermail/cap-talk/2008-July/date.html



More information about the cap-talk mailing list