On 2/02/2012, at 12:30 PM, Paul Dejean wrote: > Even though it's bad practice, a lot of commonly programs will request > passwords or similar sensitive information as command line arguments. > For instance, curl, svn, useradd... There will usually be a way to > work around doing things this way (curl can read from a config file > for instance), but doing so is a hassle (have to write a new config > file for each request). > > I would really like some way to turn the access unprivileged users > have to this information on and off. Ideally I'd like it off by > default in OpenBSD (secure by default). > > Also I would like to add, that even if you folks shoot down this FR as > being an awful idea. It's good that there's an operating system > community where I feel comfortable bringing up this request, where I > wouldn't hear things like: > "You have untrusted users on your system? What a n00b" > "All security features are off by default, why should it be our > responsibility to protects admins from their stupid mistakes?" > "omg why should you care. hunting for sensitive information? it's not > like anyone actually does that" > I've got no comment on the idea itself ...
In this "community", the reply is likely to be "great idea, where is your sample implementation?" There are not a lot of developers - I'm not one - so generally ideas need to be accompanied by code. It's a bit like the school P.T.A. that I help out with - there are lots of ideas, but very few helpers - ideas welcome, but they need to be attached to someone willing to actually do the work. HTH.
