My notes on making encrypted filesystems "Just Work(tm)"

Sean Middleditch elanthis at
Wed Dec 15 06:57:23 PST 2004

On Wed, 2004-12-15 at 15:44 +0100, Matthias Urlichs wrote:
> Hi, David Zeuthen wrote:
> > Once the passphrase have been obtained in the desktop session, then
> > 
> >  'sesame-setup --device=/dev/sda1 --passphrase=mysecret22'
> > 
> > should be run by root.
> No it should not. NEVER pass a passphrase in an argument.

The "why" of this, for those who don't know already, is because non-
privileged users on most machines can view the arguments passed to
executing processes.  Just take a look at ps or top output, for example.

Sean Middleditch <elanthis at>
AwesomePlay Productions, Inc.

hal mailing list
hal at

More information about the Hal mailing list