#2331 assigned defect

don't display capabilities without user explicitly asking for it

Reported by: leif Owned by: daira
Priority: normal Milestone: undecided
Component: code-frontend-cli Version: 1.10.0
Keywords: security capleak Cc:
Launchpad Bug:


Displaying secrets on the screen is undesirable if you aren't sure your screen isn't being viewed by a hostile camera.

There are several tahoe CLI commands that do this, all of which are commands that I'd like to be able to run without displaying capabilities:

  • list-aliases
  • put
  • backup -v

Without -v, there is no indication of the backup command's progress. #1748 is the ticket about adding a progress bar, but it would also be useful to be able to use -v to see what is going on without printing secrets to the screen.

I suggest that all of these commands should get a new --show-caps option, and should not show capabilities when that option is not used.

Change History (1)

comment:1 Changed at 2014-11-19T07:37:22Z by daira

  • Component changed from unknown to code-frontend-cli
  • Keywords security capleak added
  • Owner set to daira
  • Status changed from new to assigned
Note: See TracTickets for help on using tickets.