[cap-talk] [tahoe-dev] Fwd: Don't put capabilities in argv?
zooko at zooko.com
Sat Jul 12 20:59:55 CDT 2008
[adding Cc: cap-talk; As an admin of tahoe-dev, I have just added all
cap-talk subscribers to the automatic-accept list for tahoe-dev, so
if you are
reading this on cap-talk and you reply to both lists your reply will
to tahoe-dev. On the other hand if you are reading this on tahoe-dev
reply to both lists your reply will probably not go through to cap-
you first subscribe to cap-talk.]
On Jul 12, 2008, at 16:18 PM, Ben Hyde wrote:
> The usual work around is to overwrite your argv. In fact some
> displaying process status that
> way. <http://cr.yp.to/daemontools/readproctitle.html
Thanks for the suggestion, Ben. That suggestion and others are now
discussed on the cap-talk mailing list .
David Wagner suggested what you suggested, and Kevin Reid's reply
(which is what
I was thinking, too) was:
while true; do ps axww | grep cap: >> gathered done
Kevin also gave various arguments why leaking your authority to
everyone who can
run ps on your operating system might not always be a show-stopper.
But I guess I'll probably get comfortable with having all caps on the
command-line represented by their aliases instead of by the actual
I really like the Python motto: "There is only one way to do it.", so
inclined to try to make the aliases mechanism good enough for most
deprecate the caps-on-the-command-line mechanism entirely.
More information about the cap-talk