My notes on making encrypted filesystems "Just Work(tm)"
elanthis at awesomeplay.com
Wed Dec 15 06:57:23 PST 2004
On Wed, 2004-12-15 at 15:44 +0100, Matthias Urlichs wrote:
> Hi, David Zeuthen wrote:
> > Once the passphrase have been obtained in the desktop session, then
> > 'sesame-setup --device=/dev/sda1 --passphrase=mysecret22'
> > should be run by root.
> No it should not. NEVER pass a passphrase in an argument.
The "why" of this, for those who don't know already, is because non-
privileged users on most machines can view the arguments passed to
executing processes. Just take a look at ps or top output, for example.
Sean Middleditch <elanthis at awesomeplay.com>
AwesomePlay Productions, Inc.
hal mailing list
hal at lists.freedesktop.org
More information about the Hal