On Thu, Feb 2, 2012 at 7:29 AM, Paul Dejean <p...@officegps.com> wrote: > I'll start working on a patch (even though it'll take me forever) if I > can be confident it wouldn't be vetoed because people don't like the > concept.
Don't reinvent wheel https://www.youtube.com/watch?v=JaVnNllZxn4 Eg. actual situation in NetBSD http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20100605_1826.html is quite similar to Solaris, but don't know technical details (how secure is that in fact) > > On Wed, Feb 1, 2012 at 11:00 PM, Richard Toohey > <richardtoo...@paradise.net.nz> wrote: >> On 2/02/2012, at 12:30 PM, Paul Dejean wrote: >> >>> Even though it's bad practice, a lot of commonly programs will request >>> passwords or similar sensitive information as command line arguments. >>> For instance, curl, svn, useradd... There will usually be a way to >>> work around doing things this way (curl can read from a config file >>> for instance), but doing so is a hassle (have to write a new config >>> file for each request). >>> >>> I would really like some way to turn the access unprivileged users >>> have to this information on and off. Ideally I'd like it off by >>> default in OpenBSD (secure by default). >>> >>> Also I would like to add, that even if you folks shoot down this FR as >>> being an awful idea. It's good that there's an operating system >>> community where I feel comfortable bringing up this request, where I >>> wouldn't hear things like: >>> "You have untrusted users on your system? What a n00b" >>> "All security features are off by default, why should it be our >>> responsibility to protects admins from their stupid mistakes?" >>> "omg why should you care. hunting for sensitive information? it's not >>> like anyone actually does that" >>> >> I've got no comment on the idea itself ... >> >> In this "community", the reply is likely to be "great idea, where is your >> sample implementation?" >> >> There are not a lot of developers - I'm not one - so generally ideas need to >> be accompanied by code. >> >> It's a bit like the school P.T.A. that I help out with - there are lots of >> ideas, but very few helpers - ideas welcome, but they need to be attached to >> someone willing to actually do the work. >> >> HTH.
