I'll start working on a patch (even though it'll take me forever) if I can be confident it wouldn't be vetoed because people don't like the concept.
On Wed, Feb 1, 2012 at 11:00 PM, Richard Toohey <richardtoo...@paradise.net.nz> wrote: > On 2/02/2012, at 12:30 PM, Paul Dejean wrote: > >> Even though it's bad practice, a lot of commonly programs will request >> passwords or similar sensitive information as command line arguments. >> For instance, curl, svn, useradd... There will usually be a way to >> work around doing things this way (curl can read from a config file >> for instance), but doing so is a hassle (have to write a new config >> file for each request). >> >> I would really like some way to turn the access unprivileged users >> have to this information on and off. Ideally I'd like it off by >> default in OpenBSD (secure by default). >> >> Also I would like to add, that even if you folks shoot down this FR as >> being an awful idea. It's good that there's an operating system >> community where I feel comfortable bringing up this request, where I >> wouldn't hear things like: >> "You have untrusted users on your system? What a n00b" >> "All security features are off by default, why should it be our >> responsibility to protects admins from their stupid mistakes?" >> "omg why should you care. hunting for sensitive information? it's not >> like anyone actually does that" >> > I've got no comment on the idea itself ... > > In this "community", the reply is likely to be "great idea, where is your > sample implementation?" > > There are not a lot of developers - I'm not one - so generally ideas need to > be accompanied by code. > > It's a bit like the school P.T.A. that I help out with - there are lots of > ideas, but very few helpers - ideas welcome, but they need to be attached to > someone willing to actually do the work. > > HTH.
