My notes on making encrypted filesystems "Just Work(tm)"

Sean Middleditch elanthis at awesomeplay.com
Wed Dec 15 06:57:23 PST 2004


On Wed, 2004-12-15 at 15:44 +0100, Matthias Urlichs wrote:
> Hi, David Zeuthen wrote:
> 
> > Once the passphrase have been obtained in the desktop session, then
> > 
> >  'sesame-setup --device=/dev/sda1 --passphrase=mysecret22'
> > 
> > should be run by root.
> 
> No it should not. NEVER pass a passphrase in an argument.

The "why" of this, for those who don't know already, is because non-
privileged users on most machines can view the arguments passed to
executing processes.  Just take a look at ps or top output, for example.

> 
-- 
Sean Middleditch <elanthis at awesomeplay.com>
AwesomePlay Productions, Inc.

_______________________________________________
hal mailing list
hal at lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/hal



More information about the Hal mailing list