- passphrases is not swapped to disk. To do this, it must be installed
- setuid root. While the pixie has been carefully written so that this
- shouldn't be a security problem -- it allocates a small amount of memory,
- marks it as unswappable and then drops privileges immediately -- it may
- make some administrators nervous, so you have the option.
+ passphrases is not swapped to disk. Nowadays this usually just works
+ assuming that users have a sensible RLIMIT_MEMLOCK setting. Even so, it can
+ be installed setuid root just to make sure. While the pixie has been
+ carefully written so that this shouldn't be a security problem -- it
+ allocates a small amount of memory, marks it as unswappable and then drops
+ privileges immediately -- it's not really recommended any more. If in
+ doubt, say N here.