[tahoe-dev] Fwd: [cap-talk] Don't put capabilities in argv?
zooko
zooko at zooko.com
Sat Jul 12 15:00:35 PDT 2008
Folks:
Argh. This is a significant issue for the Tahoe CLI. I don't like
it, because capabilities are really useful to use as the identifiers
for things, and identifiers for things are really useful to use as
command-line arguments for your commands, but Kevin Reid correctly
points out that your command-line arguments are exposed to all other
users on your unix system.
Argh.
I guess this means that the "aliases" in the tahoe CLI, which we were
already supporting for convenience reasons now needs to become the
only way to refer to capabilities in your command-line.
It also means that we need to add this security issue to the known
issues file [1] and update the CLI.txt docs [2] to not encourage
people to use caps on the command-line.
Argh. Stupid unix.
Regards,
Zooko
[1] http://allmydata.org/trac/tahoe/browser/docs/known_issues.txt
[2] http://allmydata.org/trac/tahoe/browser/docs/CLI.txt
Begin forwarded message:
> From: Kevin Reid <kpreid at mac.com>
> Date: July 12, 2008 15:43:50 PM MDT
> To: "General discussions concerning capability systems." <cap-
> talk at mail.eros-os.org>
> Subject: [cap-talk] Don't put capabilities in argv?
> Reply-To: "General discussions concerning capability systems." <cap-
> talk at mail.eros-os.org>
>
> AFAIK, typical unix systems reveal command-line arguments of all
> processes to all users.
>
> This implies that (except on a machine where you don't use unix users
> for isolation) password capabilities should not be passed as
> arguments; also that using command-line tools with a password-cap file
> system such as MinorFs or Tahoe is unsafe.
>
> Has this been noticed before? Are there ways to eliminate the problem?
>
> --
> Kevin Reid <http://homepage.mac.com/
> kpreid/>
>
>
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
More information about the tahoe-dev
mailing list