[cap-talk] Don't put capabilities in argv?
Jonathan S. Shapiro
shap at eros-os.com
Sat Jul 12 21:25:20 CDT 2008
On Sat, 2008-07-12 at 15:43 -0700, David Wagner wrote:
> Kevin Reid writes:
> In article <261C264E-31CF-4980-9EEA-22A046FBF59F at mac.com> you write:
> >AFAIK, typical unix systems reveal command-line arguments of all
> >processes to all users. [..] Are there ways to eliminate the problem?
> Yes. Overwrite your own argv to hide the command-line arguments.
This is a solution that relies on winning a race that you cannot
reliably win on a heavily loaded machine.
Better to put things into a private file name space that the receiving
application reads on startup.
More information about the cap-talk