A last word on --passphrase-fd

[Alan Shutko]

Frank Tobin <ftobin@uiuc.edu> writes:

> in via an argument; it is only a problem if other users on the system can
> see the argument list of other users's processes.  And this should not be
> taken for granted, just because most people use Linux where this is
> possible.

How about, just because most people use things other than FreeBSD,
where this is possible?

Every Unix I've ever worked on lets you see other people's command
line arguments.  Apparently, this is no longer the case on recent
FreeBSDs, but what other Unices restrict this info as well?

I suppose you could add a configure option to allow passing the
passphrase in on the command line.  Making it a hassle to enable would
make it more likely that the programmer would think about the risks
involved.  But allowing it willy-nilly would probably result in a lot
of usage by people who didn't realize that anyone could see it.

-- 
Alan Shutko <ats@acm.org> - In a variety of flavors!
Bizarreness is the essence of the exotic.