[tahoe-dev] Fwd: [cap-talk] Don't put capabilities in argv?
zooko
zooko at zooko.com
Sat Jul 12 18:59:55 PDT 2008
[adding Cc: cap-talk; As an admin of tahoe-dev, I have just added all
known
cap-talk subscribers to the automatic-accept list for tahoe-dev, so
if you are
reading this on cap-talk and you reply to both lists your reply will
go through
to tahoe-dev. On the other hand if you are reading this on tahoe-dev
and you
reply to both lists your reply will probably not go through to cap-
talk unless
you first subscribe to cap-talk.]
On Jul 12, 2008, at 16:18 PM, Ben Hyde wrote:
> The usual work around is to overwrite your argv. In fact some
people enjoy
> displaying process status that
> way. <http://cr.yp.to/daemontools/readproctitle.html
Thanks for the suggestion, Ben. That suggestion and others are now
being
discussed on the cap-talk mailing list [1].
David Wagner suggested what you suggested, and Kevin Reid's reply
(which is what
I was thinking, too) was:
while true; do ps axww | grep cap: >> gathered done
Kevin also gave various arguments why leaking your authority to
everyone who can
run ps on your operating system might not always be a show-stopper.
But I guess I'll probably get comfortable with having all caps on the
tahoe
command-line represented by their aliases instead of by the actual
capability.
I really like the Python motto: "There is only one way to do it.", so
I'm
inclined to try to make the aliases mechanism good enough for most
purposes and
deprecate the caps-on-the-command-line mechanism entirely.
Regards,
Zooko
[1] http://www.eros-os.org/pipermail/cap-talk/2008-July/date.html
More information about the tahoe-dev
mailing list