[cap-talk] Don't put capabilities in argv?

Jasvir Nagra jas at nagras.com
Sun Jul 13 00:30:05 CDT 2008

On Sat, Jul 12, 2008 at 8:21 PM, Darius Bacon <darius at accesscom.com> wrote:
> Kevin Reid <kpreid at mac.com> wrote:
>> * The simplest safe-by-default mechanism I can think of is to read the
>> capability from a file whose name is passed on the command line.
> How about passing it in the environment?
>  arg1=secretpassword dosomething
> instead of
>  dosomething --arg1 secretpassword
> This has at least the flaw that environment variables have dynamic
> scope; but the filesystem is a global scope as well.

Unfortunately a process's environment is just as visible to other
users as the command line arguments.

rorohiko$ foo=1 yes > /dev/null &
rorohiko$ ps e -A | grep yes
 3613 s000  R+     0:28.68 yes foo=1
TERM_PROGRAM=Apple_Terminal M2=/usr/local/apache-maven//bin
TERM=xterm-color SHELL=/bin/bash
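
Added example, not part of the original message or the thread's code: a shell sketch of the mechanism Kevin Reid describes above, reading the capability from a file whose name is passed on the command line, so that only the path shows up in `ps` output. The helper name `load_capability` and the owner-only permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# Only the file *name* travels in argv; the secret itself never enters
# argv or the environment of the process that uses it.
#
# Intended use inside a script invoked as: dosomething /path/to/capfile
#   cap=$(load_capability "$1") || exit 1
#   ... use "$cap" directly; do not export it or pass it on as an argument ...

load_capability() {
    capfile=$1

    # Refuse symlinks and anything that is not a regular file, so the
    # path cannot silently point at a device or someone else's file.
    if [ -L "$capfile" ] || [ ! -f "$capfile" ]; then
        echo "load_capability: $capfile is not a regular file" >&2
        return 1
    fi

    # Mode string from ls looks like "-rw-------"; characters 5-10 are the
    # group and other bits. Require them all clear, otherwise the file is
    # no better protected than argv was.
    perms=$(ls -ld -- "$capfile" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "load_capability: $capfile is accessible to group/other" >&2
        return 1
    fi

    # Read the first line; accept a file with no trailing newline.
    IFS= read -r cap < "$capfile" || [ -n "$cap" ]
    if [ -z "$cap" ]; then
        echo "load_capability: $capfile is empty" >&2
        return 1
    fi

    printf '%s\n' "$cap"
}
```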
