2ee993fe |
1 | Template: catacomb-bin/pixie-is-setuid |
2 | Type: boolean |
3 | Default: true |
4 | Description: Install pixie setuid-root? |
5 | Catacomb provides a `passphrase pixie' which prompts for passphrases |
6 | (either on its terminal or using an external command) and remembers them |
7 | for a configurable period of time. |
8 | . |
9 | For added security, the pixie can ensure that the memory it uses for |
10 | passphrases is not swapped to disk. To do this, it must be installed |
11 | setuid root. While the pixie has been carefully written so that this |
12 | shouldn't be a security problem -- it allocates a small amount of memory, |
13 | marks it as unswappable and then drops privileges immediately -- it may |
14 | make some administrators nervous, so you have the option. |