A last word on --passphrase-fd

Alan Shutko ats@acm.org
21 Jan 2000 17:36:21 -0500

Frank Tobin <ftobin@uiuc.edu> writes:

> in via an argument; it is only a problem if other users on the system can
> see the argument list of other users's processes. And this should not be
> taken for granted, just because most people use Linux where this is
> possible.
How about, just because most people use things other than FreeBSD, where this is possible? Every Unix I've ever worked on lets you see other people's command line arguments. Apparently, this is no longer the case on recent FreeBSDs, but what other Unices restrict this info as well? I suppose you could add a configure option to allow passing the passphrase in on the command line. Making it a hassle to enable would make it more likely that the programmer would think about the risks involved. But allowing it willy-nilly would probably result in a lot of usage by people who didn't realize that anyone could see it. -- Alan Shutko <ats@acm.org> - In a variety of flavors! Bizarreness is the essence of the exotic.