Possible bug: unable to lock memory with libgcrypt 1.7.4 on macOS Sierra 10.12.1
Adam Liter
io at adamliter.org
Sun Dec 11 02:08:52 CET 2016
Hello,
I think there might be a bug with libgrcypt 1.7.4 with regard to locking
memory on macOS Sierra 10.12.1. Today, the package manager Homebrew
bumped to libgcrypt version 1.7.4 (see here:
https://github.com/Homebrew/homebrew-core/commit/06820e6fb69114fe33b06a2b2b571f73bb828caf)
After updating my installed packages with Homebrew, I'm no longer able
to use gpg2 with --require-secmem (even if I make the gpg2 binary have
the setuid root bit flipped, as suggested here:
https://lists.gnupg.org/pipermail/gnupg-users/1999-August/004024.html):
```
$ /usr/local/Cellar/gnupg2/2.0.30_2/bin/gpg2 --version
gpg (GnuPG) 2.0.30
libgcrypt 1.7.4
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
$ /usr/local/Cellar/gnupg2/2.0.30_2/bin/gpg2 --require-secmem
Warning: using insecure memory!
gpg: will not run with insecure memory due to --require-secmem
```
On the other hand, I also have a gpg2 binary from the MacGPG Suite,
which is linked against an older version of libgcrypt, and is able to
execute when passed the --require-secmem option:
```
$ /usr/local/MacGPG2/bin/gpg2 --version
gpg (GnuPG/MacGPG2) 2.0.30
libgcrypt 1.6.6
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
$ /usr/local/MacGPG2/bin/gpg2 --require-secmem
gpg: Go ahead and type your message ...
^C
gpg: signal Interrupt caught ... exiting
```
(You can find these same details here:
http://apple.stackexchange.com/q/264350/85567)
I don't really know anything about the underlying libraries, so I have
no idea what the bug is, but those are my reasons for thinking that
there is a bug in the new 1.7.4 version with regard to locking memory in
macOS 10.12.1.
Thanks for the great software!
Best,
Adam Liter
More information about the Gcrypt-devel
mailing list