Template: catacomb-bin/pixie-is-setuid
Type: boolean
-Default: true
+Default: false
Description: Install pixie setuid-root?
Catacomb provides a `passphrase pixie' which prompts for passphrases
(either on its terminal or using an external command) and remembers them
for a configurable period of time.
.
For added security, the pixie can ensure that the memory it uses for
- passphrases is not swapped to disk. To do this, it must be installed
- setuid root. While the pixie has been carefully written so that this
- shouldn't be a security problem -- it allocates a small amount of memory,
- marks it as unswappable and then drops privileges immediately -- it may
- make some administrators nervous, so you have the option.
+ passphrases is not swapped to disk. Nowadays this usually just works
+ assuming that users have a sensible RLIMIT_MEMLOCK setting. Even so, it can
+ be installed setuid root just to make sure. While the pixie has been
+ carefully written so that this shouldn't be a security problem -- it
+ allocates a small amount of memory, marks it as unswappable and then drops
+ privileges immediately -- it's not really recommended any more. If in
+ doubt, say N here.
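Review bot: The new description text hinges on "a sensible RLIMIT_MEMLOCK setting" but gives the administrator no way to judge that at the prompt, and it does not say what the pixie does if locking fails when installed non-setuid. Since the Default is now false, most installs will depend on that limit, so I would add a sentence saying how the pixie behaves when it cannot lock its passphrase memory (warns, refuses to start, or continues with swappable memory) and point to where the limit is configured. It is also worth stating in the commit message whether the changed Default is meant to affect only fresh installs, or whether systems that previously answered with the old default should be asked again.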
.\"
.SS "Memory management"
During initialization, the pixie attempts to allocate a block of memory
-from the kernel and protect it against being swapped to disk. On most
-systems, this requires that the pixie start with root privileges,
-although it will drop them as soon as it can (before parsing
-command-line options).
+from the kernel and protect it against being swapped to disk. On Linux
+and other systems with
+.B RLIMIT_MEMLOCK
+or similar, this should just work assuming that the limit is set
+sensibly. On other systems, this requires that the pixie start with
+root privileges, although it will drop them as soon as it can (before
+parsing command-line options, for example).
.PP
The locked memory is used for all of the passphrases which the pixie
stores, and for the buffers used to hold requests from clients.
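Review bot: Adding "for example" to "(before parsing command-line options, for example)" turns a precise guarantee about when privileges are dropped into a vague one. Readers auditing a setuid binary want to know the exact point, so I would keep the original wording or name the actual ordering (allocate, lock, drop privileges, then parse options). The paragraph also says locking "should just work assuming that the limit is set sensibly" without documenting the failure case. Since the following paragraph says the locked memory holds all stored passphrases and client request buffers, the page should say what happens to them when the lock cannot be obtained under RLIMIT_MEMLOCK.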