Commit | Line | Data |
---|---|---|
2ee993fe | 1 | Template: catacomb-bin/pixie-is-setuid |
2 | Type: boolean | |
5d01b1b9 | 3 | Default: false |
2ee993fe | 4 | Description: Install pixie setuid-root? |
5 | Catacomb provides a `passphrase pixie' which prompts for passphrases | |
6 | (either on its terminal or using an external command) and remembers them | |
7 | for a configurable period of time. | |
8 | . | |
9 | For added security, the pixie can ensure that the memory it uses for | |
5d01b1b9 MW |
10 | passphrases is not swapped to disk. Nowadays this usually just works |
11 | assuming that users have a sensible RLIMIT_MEMLOCK setting. Even so, it can | |
12 | be installed setuid root just to make sure. While the pixie has been | |
13 | carefully written so that this shouldn't be a security problem -- it | |
14 | allocates a small amount of memory, marks it as unswappable and then drops | |
15 | privileges immediately -- it's not really recommended any more. If in | |
16 | doubt, say N here. |