[cap-talk] Don't put capabilities in argv?

Jasvir Nagra jas at nagras.com
Sun Jul 13 00:30:05 CDT 2008


On Sat, Jul 12, 2008 at 8:21 PM, Darius Bacon <darius at accesscom.com> wrote:
> Kevin Reid <kpreid at mac.com> wrote:
>> * The simplest safe-by-default mechanism I can think of is to read the
>> capability from a file whose name is passed on the command line.
>
> How about passing it in the environment?
>
>  arg1=secretpassword dosomething
>
> instead of
>
>  dosomething --arg1 secretpassword
>
> This has at least the flaw that environment variables have dynamic
> scope; but the filesystem is a global scope as well.

Unfortunately a process's environment is just as visible to other
users as the command line arguments.

rorohiko$ foo=1 yes > /dev/null &
rorohiko$ ps e -A | grep yes
 3613 s000  R+     0:28.68 yes foo=1
MANPATH=/usr/share/man:/usr/local/share/man:/usr/local/man:/Library/TeX/Distributions/.DefaultTeX/Contents/Man:/usr/X11/man
TERM_PROGRAM=Apple_Terminal M2=/usr/local/apache-maven//bin
TERM=xterm-color SHELL=/bin/bash
TMPDIR=/var/folders/zz/zzzivhrRnAmviuee++2cak+-87g
...
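The leak shown above, reproduced with /proc instead of ps, plus the file-handoff
alternative Kevin suggested, as an added example that is not part of the
original thread. It assumes Linux (reads /proc/PID/cmdline and
/proc/PID/environ), uses a constructed sample value rather than a real
credential, and spawns a python child as the "dosomething" process. One
practitioner caveat worth keeping in mind: on Linux /proc/PID/environ is
readable only by the process owner and root, while /proc/PID/cmdline is
world-readable, so how far the environment leaks to *other* users depends on
the platform; the ps output above is from a macOS of the time.

```python
"""Compare what a process leaks through argv and environ with what it leaks
when the secret is handed over in a 0600 file whose name is on the command
line. Added example; assumes a Linux /proc."""
import os
import subprocess
import sys
import tempfile

# Constructed sample value, not a real credential.
SECRET = "secretpassword"


def _proc_view(pid):
    """Return (argv, environ) for pid as lists of bytes, exactly as any
    reader of /proc would see them (NUL-separated entries)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        argv = f.read().split(b"\0")
    with open(f"/proc/{pid}/environ", "rb") as f:
        env = f.read().split(b"\0")
    return argv, env


def _spawn_idle(extra_args, env):
    """Stand-in for 'dosomething': a python child that just sleeps so it can
    be inspected. Popen returns only after the child has exec'd, so its
    argv and environ are already the ones we passed."""
    return subprocess.Popen(
        [sys.executable, "-c", "import time; time.sleep(30)", *extra_args],
        env=env,
    )


def leaks_via_argv_and_env(secret=SECRET):
    """Pass the secret both ways the thread discusses and report whether
    each one shows up in /proc. Returns (leaked_via_argv, leaked_via_env)."""
    child = _spawn_idle(["--arg1", secret],
                        {"arg1": secret, "PATH": os.environ.get("PATH", "")})
    try:
        argv, env = _proc_view(child.pid)
    finally:
        child.kill()
        child.wait()
    return secret.encode() in argv, f"arg1={secret}".encode() in env


def handoff_via_file(secret=SECRET):
    """Kevin Reid's alternative: write the secret to a file created with mode
    0600 (mkstemp does that) and put only the path on the command line.
    Returns (secret_in_argv, secret_in_env, child_can_read_it, path_in_argv).
    The hypothetical --cap-file flag is only an illustration."""
    fd, path = tempfile.mkstemp(prefix="cap-")
    try:
        os.write(fd, secret.encode())
        os.close(fd)
        child = _spawn_idle(["--cap-file", path], {})
        try:
            argv, env = _proc_view(child.pid)
        finally:
            child.kill()
            child.wait()
        # What the child would do with the path: open and read the capability.
        with open(path, "rb") as f:
            recovered = f.read().decode()
    finally:
        os.unlink(path)
    return (secret.encode() in argv, secret.encode() in env,
            recovered == secret, path.encode() in argv)


if __name__ == "__main__":
    print("argv/env leak (argv, env):", leaks_via_argv_and_env())
    print("file handoff (argv, env, readable, path in argv):", handoff_via_file())
```

The file path itself is still visible to everyone via cmdline, which is fine:
the name of a capability-bearing file is not the capability, and the 0600 mode
is what keeps other users out. The same pattern works with an inherited file
descriptor instead of a path, which also removes the filesystem's global scope
that Darius points to.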

