On Thu, Feb 02, 2012, Paul Dejean wrote:
> I'll start working on a patch (even though it'll take me forever) if I
> can be confident it wouldn't be vetoed because people don't like the
> concept.

It shouldn't take long at all.  You are looking for the
sysctl_proc_args function in sys/kern/kern_sysctl.c.  That said, I
don't think the idea is super popular.

> 
> On Wed, Feb 1, 2012 at 11:00 PM, Richard Toohey
> <richardtoo...@paradise.net.nz> wrote:
>> On 2/02/2012, at 12:30 PM, Paul Dejean wrote:
>>
>>> Even though it's bad practice, a lot of common programs will request
>>> passwords or similar sensitive information as command line arguments.
>>> For instance, curl, svn, useradd... There will usually be a way to
>>> work around doing things this way (curl can read from a config file
>>> for instance), but doing so is a hassle (have to write a new config
>>> file for each request).
>>>
>>> I would really like some way to turn the access unprivileged users
>>> have to this information on and off. Ideally I'd like it off by
>>> default in OpenBSD (secure by default).
>>>
>>> Also I would like to add that, even if you folks shoot down this FR as
>>> being an awful idea, it's good that there's an operating system
>>> community where I feel comfortable bringing up this request, where I
>>> wouldn't hear things like:
>>> "You have untrusted users on your system? What a n00b"
>>> "All security features are off by default, why should it be our
>>> responsibility to protect admins from their stupid mistakes?"
>>> "omg why should you care. hunting for sensitive information? it's not
>>> like anyone actually does that"
>>>
>> I've got no comment on the idea itself ...
>>
>> In this "community", the reply is likely to be "great idea, where is
>> your sample implementation?"
>>
>> There are not a lot of developers - I'm not one - so generally ideas
>> need to be accompanied by code.
>>
>> It's a bit like the school P.T.A. that I help out with - there are lots
>> of ideas, but very few helpers - ideas welcome, but they need to be
>> attached to someone willing to actually do the work.
>>
>> HTH.

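The config-file workaround mentioned in the quoted request, done without writing a file per request: curl's documented `--config -` reads the config from stdin, so the credentials never enter the argument vector that other users can list. This is an added example, not code from the thread or from OpenBSD; the function names, `example.org` and the credentials are constructed for illustration.

```python
import subprocess

# Escape sequences curl accepts inside a double-quoted config value.
_ESCAPES = {"\\": "\\\\", '"': '\\"', "\n": "\\n", "\r": "\\r", "\t": "\\t"}


def quote_config_value(value):
    """Quote a string for a curl config file (double quotes, backslash escapes)."""
    return '"' + "".join(_ESCAPES.get(ch, ch) for ch in value) + '"'


def build_invocation(url, user, password):
    """Return (argv, stdin_config). Credentials appear only in stdin_config."""
    if not url.startswith(("https://", "http://")):
        # Also stops a "URL" beginning with '-' from being parsed as an option.
        raise ValueError("expected an http(s) URL")
    if ":" in user:
        raise ValueError("curl splits user:password at the first colon")
    if "\0" in user or "\0" in password:
        raise ValueError("NUL byte in credentials")
    config = "user = " + quote_config_value(user + ":" + password) + "\n"
    argv = ["curl", "--silent", "--show-error", "--fail", "--config", "-", url]
    return argv, config


def fetch(url, user, password):
    """Run curl; the config travels over a pipe to stdin, not on the command line."""
    argv, config = build_invocation(url, user, password)
    done = subprocess.run(argv, input=config, text=True,
                          capture_output=True, check=True)
    return done.stdout


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network here.
    argv, config = build_invocation("https://example.org/", "alice", 'p"w\\d')
    print("visible in the process listing:", argv)
    print("sent on stdin only:", config, end="")
```

If the URL itself carries a token, it can go into the same stdin config as a `url = "..."` line instead of onto argv.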