Opened at 2014-11-19T05:35:25Z
Last modified at 2014-11-19T07:37:22Z
#2331 assigned defect
don't display capabilities without user explicitly asking for it
| Reported by: | leif | Owned by: | daira |
|---|---|---|---|
| Priority: | normal | Milestone: | undecided |
| Component: | code-frontend-cli | Version: | 1.10.0 |
| Keywords: | security capleak | Cc: | |
| Launchpad Bug: |
Description
Displaying secrets on the screen is undesirable if you aren't sure your screen isn't being viewed by a hostile camera.
There are several tahoe CLI commands that do this, all of which are commands that I'd like to be able to run without displaying capabilities:
- list-aliases
- put
- backup -v
Without -v, there is no indication of the backup command's progress. #1748 is the ticket about adding a progress bar, but it would also be useful to be able to use -v to see what is going on without printing secrets to the screen.
I suggest that all of these commands should get a new --show-caps option, and should not show capabilities when that option is not used.
Change History (1)
comment:1 Changed at 2014-11-19T07:37:22Z by daira
- Component changed from unknown to code-frontend-cli
- Keywords security capleak added
- Owner set to daira
- Status changed from new to assigned
Note: See
TracTickets for help on using
tickets.
