In message <http://marc.info/?l=openbsd-tech&m=131525927014250&w=1>,
Sviatoslav Chagaev <sviatoslav.chagaev () gmail ! com> wrote:

> Further ideas:
> * Maybe deprecate and disable the ability to pass the key on the
> command line at all?

I have no objection to allowing keys to be entered from /dev/tty,
but I think forbidding passing them on the command line (in practice,
forbidding setting keys from a script) would be doubleplusungood.

The problem is that in some situations (e.g. a laptop on which I'm the
only user) I don't care about anyone grabbing the command line with ps,
and I'm happy to put the wpa passphrase in a shell script (maybe protected
by being owner root.root & mode 700).  I sometimes use scripts like that,
with one shell script for each place (wifi network) whose
keys-and-other-special-configuration I need to set up.

If we forbid passing keys on the command line, then I'd have to hack up
an expect script to fake "keyboard" input of the key in each such case.
So I strongly prefer retaining scriptability here.

ciao,

-- 
-- "Jonathan Thornburg [remove -animal to reply]" 
<jth...@astro.indiana-zebra.edu>
   Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
   "Washing one's hands of the conflict between the powerful and the
    powerless means to side with the powerful, not to be neutral."
                                      -- quote by Freire / poster by Oxfam
