forked from Lainports/opnsense-ports
8cb1a96ede
Taken from: https://github.com/freebsd/freebsd-ports.git Commit id: 5070672073b68be364139bc6b3a89100bd17d331
33 lines
1.4 KiB
Text
33 lines
1.4 KiB
Text
===============================================================================
|
|
Important security considerations
|
|
===============================================================================
|
|
|
|
Before using the 'edit' subcommand interactively, it's recommended to set the
|
|
SECURE_TMPDIR environment variable to a location that isn't written to disk,
|
|
such as a tmpfs mount, ideally using encrypted swap:
|
|
|
|
https://www.freebsd.org/doc/handbook/swap-encrypting.html
|
|
|
|
Also keep in mind your editor may create temporary files and backups in other
|
|
locations - consider disabling these features for files matching the pattern
|
|
lpass.* or within your $SECURE_TMPDIR. For example, with vim:
|
|
|
|
autocmd BufRead lpass.* setlocal noundofile nowritebackup noswapfile
|
|
|
|
|
|
===============================================================================
|
|
Using OpenSSL from ports
|
|
===============================================================================
|
|
|
|
If you're using security/openssl, ensure ftp/curl is configured with the
|
|
HEIMDAL_PORT option to avoid linking to two different OpenSSL libraries.
|
|
|
|
|
|
===============================================================================
|
|
Other steps
|
|
===============================================================================
|
|
|
|
lpass requires /proc to be mounted for correct operation. To enable it add
|
|
the following to /etc/fstab and run 'mount /proc':
|
|
|
|
proc /proc procfs rw 0 0
|