So turn off the option by default, and downgrade the question. Also
make the documentation more useful and up-to-date.
#! /bin/sh -e
. /usr/share/debconf/confmodule
db_version 2.0
#! /bin/sh -e
. /usr/share/debconf/confmodule
db_version 2.0
-db_input medium catacomb-bin/pixie-is-setuid || true
+db_input low catacomb-bin/pixie-is-setuid || true
Template: catacomb-bin/pixie-is-setuid
Type: boolean
Template: catacomb-bin/pixie-is-setuid
Type: boolean
Description: Install pixie setuid-root?
Catacomb provides a `passphrase pixie' which prompts for passphrases
(either on its terminal or using an external command) and remembers them
for a configurable period of time.
.
For added security, the pixie can ensure that the memory it uses for
Description: Install pixie setuid-root?
Catacomb provides a `passphrase pixie' which prompts for passphrases
(either on its terminal or using an external command) and remembers them
for a configurable period of time.
.
For added security, the pixie can ensure that the memory it uses for
- passphrases is not swapped to disk. To do this, it must be installed
- setuid root. While the pixie has been carefully written so that this
- shouldn't be a security problem -- it allocates a small amount of memory,
- marks it as unswappable and then drops privileges immediately -- it may
- make some administrators nervous, so you have the option.
+ passphrases is not swapped to disk. Nowadays this usually just works
+ assuming that users have a sensible RLIMIT_MEMLOCK setting. Even so, it can
+ be installed setuid root just to make sure. While the pixie has been
+ carefully written so that this shouldn't be a security problem -- it
+ allocates a small amount of memory, marks it as unswappable and then drops
+ privileges immediately -- it's not really recommended any more. If in
+ doubt, say N here.
.\"
.SS "Memory management"
During initialization, the pixie attempts to allocate a block of memory
.\"
.SS "Memory management"
During initialization, the pixie attempts to allocate a block of memory
-from the kernel and protect it against being swapped to disk. On most
-systems, this requires that the pixie start with root privileges,
-although it will drop them as soon as it can (before parsing
-command-line options).
+from the kernel and protect it against being swapped to disk. On Linux
+and other systems with
+.B RLIMIT_MEMLOCK
+or similar, this should just work assuming that the limit is set
+sensibly. On other systems, this requires that the pixie start with
+root privileges, although it will drop them as soon as it can (before
+parsing command-line options, for example).
.PP
The locked memory is used for all of the passphrases which the pixie
stores, and for the buffers used to hold requests from clients.
.PP
The locked memory is used for all of the passphrases which the pixie
stores, and for the buffers used to hold requests from clients.