From: Daniel Stenberg Date: Tue, 3 May 2022 11:37:04 +0000 (+0200) Subject: docs/SECURITY-PROCESS.md: "Visible command line arguments" X-Git-Tag: curl-7_83_1~41 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=45c578f6628c5f43d3922a342628caaa624b5e77;p=thirdparty%2Fcurl.git docs/SECURITY-PROCESS.md: "Visible command line arguments" --- diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md index f6e0d31b63..a7e86615c4 100644 --- a/docs/SECURITY-PROCESS.md +++ b/docs/SECURITY-PROCESS.md @@ -197,3 +197,18 @@ considered security vulnerabilities. The WHATWG URL Specification and RFC interoperable](https://github.com/bagder/docs/blob/master/URL-interop.md). Obvious parser bugs can still be vulnerabilities of course. + +## Visible command line arguments + +The curl command blanks the contents of a number of command line arguments to +prevent them from appearing in process listings. It does not blank all +arguments even if some of them that are not blanked might contain sensitive +data. We consider this functionality a best-effort and omissions are not +security vulnerabilities. + + - not all systems allow the arguments to be blanked in the first place + - since curl blanks the argument itself they will be readable for a short + moment in time no matter what + - virtually every argument can contain sensitive data, depending on use + - blanking all arguments would make it impractical for users to differentiate + curl command lines in process listings
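Review bot: The second sentence of the new section does not parse ("It does not blank all arguments even if some of them that are not blanked might contain sensitive data"); suggest "It does not blank all arguments, and some of the arguments that are left visible might contain sensitive data." In the next sentence, "a best-effort" wants a noun: "We consider this functionality best-effort, and omissions are not security vulnerabilities." Since the section tells users that blanking is not a security boundary, it would help to end it with the alternative the reader is expected to use instead, such as putting credentials in a config file (`-K`/`--config`) or `.netrc` (`-n`/`--netrc`) rather than on the command line; as written the section states the limitation but gives no pointer to the safer mechanism. Minor: the bullets are indented by one space while the prose above is not; check that this matches the list style used elsewhere in SECURITY-PROCESS.md.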