[cap-talk] Don't put capabilities in argv?
darius at accesscom.com
Sat Jul 12 22:21:46 CDT 2008
Kevin Reid <kpreid at mac.com> wrote:
> * The simplest safe-by-default mechanism I can think of is to read the
> capability from a file whose name is passed on the command line.
How about passing it in the environment?
dosomething --arg1 secretpassword
This has at least the flaw that environment variables have dynamic
scope; but the filesystem is a global scope as well.
More information about the cap-talk