[cap-talk] Don't put capabilities in argv?

Rob Meijer capibara at xs4all.nl
Sun Jul 13 03:39:09 CDT 2008

On Sun, July 13, 2008 07:30, Jasvir Nagra wrote:
> On Sat, Jul 12, 2008 at 8:21 PM, Darius Bacon <darius at accesscom.com>
> wrote:
>> Kevin Reid <kpreid at mac.com> wrote:
>>> * The simplest safe-by-default mechanism I can think of is to read the
>>> capability from a file whose name is passed on the command line.
>> How about passing it in the environment?
>>  arg1=secretpassword dosomething
>> instead of
>>  dosomething --arg1 secretpassword
>> This has at least the flaw that environment variables have dynamic
>> scope; but the filesystem is a global scope as well.
> Unfortunately a process's environment is just as visible to other
> users as the command line arguments.

For least authority solutions, it is even a potential problem to be
readable by the 'same' user. In fact, the user is not all that relevant a
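
Added example, not part of the original thread: a Python sketch of the mechanism Kevin Reid describes, where argv carries only a file name and the capability is read from that file. The `--cap-file` option, the size limit and the owner-only permission checks are assumptions made for illustration; the checks address the "filesystem is a global scope" concern for other users only and do nothing about other processes of the same user.

```python
import os
import stat
import sys

MAX_CAP_BYTES = 4096  # assumed upper bound on capability size


class UnsafeCapFile(Exception):
    """The named file is not private to the invoking user."""


def read_capability(path):
    """Return the capability stored in `path`, refusing non-private files."""
    # O_NOFOLLOW: refuse a symlink as the final path component.
    # O_NONBLOCK: do not hang if the path names a FIFO.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)  # inspect the opened object, not the path (no TOCTOU)
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeCapFile("not a regular file")
        if st.st_uid != os.geteuid():
            raise UnsafeCapFile("owned by another user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise UnsafeCapFile("group/other permission bits are set")
        data = os.read(fd, MAX_CAP_BYTES + 1)
    finally:
        os.close(fd)
    if not data or len(data) > MAX_CAP_BYTES:
        raise UnsafeCapFile("empty or oversized capability")
    return data.rstrip(b"\r\n")


def main(argv):
    # Hypothetical CLI: dosomething --cap-file PATH
    if len(argv) != 3 or argv[1] != "--cap-file":
        print("usage: dosomething --cap-file PATH", file=sys.stderr)
        return 2
    try:
        cap = read_capability(argv[2])
    except (OSError, UnsafeCapFile) as exc:
        print(f"refusing capability file: {exc}", file=sys.stderr)
        return 1
    print(f"loaded capability ({len(cap)} bytes)")  # never echo the secret
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```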

