they're not necessarily the arguments see setproctitle(3) and the behaviour of; e.g., sendmail, dhclient, etc
On Wed, Feb 1, 2012 at 7:00 PM, Paul Dejean <p...@officegps.com> wrote: > Even though it's bad practice, a lot of commonly programs will request > passwords or similar sensitive information as command line arguments. > For instance, curl, svn, useradd... There will usually be a way to > work around doing things this way (curl can read from a config file > for instance), but doing so is a hassle (have to write a new config > file for each request). > > I would really like some way to turn the access unprivileged users > have to this information on and off. Ideally I'd like it off by > default in OpenBSD (secure by default). > > Also I would like to add, that even if you folks shoot down this FR as > being an awful idea. It's good that there's an operating system > community where I feel comfortable bringing up this request, where I > wouldn't hear things like: > "You have untrusted users on your system? What a n00b" > "All security features are off by default, why should it be our > responsibility to protects admins from their stupid mistakes?" > "omg why should you care. hunting for sensitive information? it's not > like anyone actually does that"
