Template: catacomb-bin/pixie-is-setuid
Type: boolean
Default: false
Description: Install pixie setuid-root?
 Catacomb provides a `passphrase pixie' which prompts for passphrases
 (either on its terminal or using an external command) and remembers them
 for a configurable period of time.
 .
 For added security, the pixie can ensure that the memory it uses for
 passphrases is not swapped to disk. Nowadays this usually just works
 assuming that users have a sensible RLIMIT_MEMLOCK setting. Even so, it can
 be installed setuid root just to make sure. While the pixie has been
 carefully written so that this shouldn't be a security problem -- it
 allocates a small amount of memory, marks it as unswappable and then drops
 privileges immediately -- it's not really recommended any more. If in
 doubt, say N here.
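
The lock-then-drop sequence the description refers to, together with the RLIMIT_MEMLOCK check that makes the setuid bit unnecessary, as an added example (not Catacomb's own code). The function names and the 4096-byte buffer size are assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for MAP_ANONYMOUS on glibc */
#endif
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

#define SECRET_LEN 4096     /* assumed buffer size, not Catacomb's */

/* Would the RLIMIT_MEMLOCK soft limit let an unprivileged process lock len bytes? */
int memlock_limit_allows(size_t len) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0) return 0;
    return rl.rlim_cur == RLIM_INFINITY || rl.rlim_cur >= len;
}

/* Map a small private region and pin it in RAM; NULL if either step fails. */
void *secret_alloc_locked(size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (mlock(p, len) != 0) { munmap(p, len); return NULL; }
    return p;
}

/* Permanently give up setuid/setgid privileges: group first, then user. */
int drop_privileges(void) {
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0) return -1;
    if (ruid != 0 && setuid(0) == 0) return -1;   /* root must be unrecoverable */
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Wipe, unlock and unmap the region. */
void secret_free(void *p, size_t len) {
    volatile unsigned char *v = p;
    for (size_t i = 0; i < len; i++) v[i] = 0;
    munlock(p, len);
    munmap(p, len);
}

int main(void) {
    void *buf = secret_alloc_locked(SECRET_LEN);  /* while still privileged */
    if (drop_privileges() != 0) return 2;         /* before touching any input */
    printf("limit allows: %d, locked: %s\n",
           memlock_limit_allows(SECRET_LEN), buf ? "yes" : "no");
    if (buf) secret_free(buf, SECRET_LEN);
    return buf ? 0 : 1;
}
```

When the limit check reports that the lock is allowed, the unprivileged build gets the same unswappable buffer and the setuid bit adds nothing.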