Skip to content
  • Douglas Bagnall's avatar
    cmdline:burn: list commands to always burn; warn on unknown · 86843685
    Douglas Bagnall authored
    We burn arguments to all unknown options containing "pass" (e.g.
    "--passionate=false") in case they are a password option, but is bad
    in the case where the unknown option takes no argument but the next
    option *is* a password (like "--overpass --password2 barney". In that
    case "--password2" would be burnt and not "barney".
    The burning behaviour doesn't change with this commit, but users will now
    see an error message explaining that the option was unknown. This is not
    so much aimed at end users -- for who an invalid option will hopefully
    lead to --help like output -- but to developers who add a new "pass"
    This also slightly speeds up the processing of known password options,
    which is a little bit important because we are in a race to replace the
    command line in /proc before an attacker sees it.
    Signed-off-by: default avatarDouglas Bagnall <>
    Reviewed-by: Jo Sutton <j...