Possible bug: unable to lock memory with libgcrypt 1.7.4 on macOS Sierra 10.12.1

Adam Liter io at adamliter.org
Sun Dec 11 02:26:12 CET 2016


Hmm, I wonder if this is not necessarily a bug with libgcrypt 1.7.4 but 
rather has something to do with how Homebrew is compiling the binary. It 
seems there is some sort of workaround being used in order to avoid a 
possible issue with Clang: 
https://github.com/Homebrew/homebrew-core/blob/06820e6fb69114fe33b06a2b2b571f73bb828caf/Formula/libgcrypt.rb#L33

I know absolutely nothing about the details here, so I can't say much 
more. But, hopefully this information is useful. Thanks again for your 
time!

Best,

Adam Liter

On 10 Dec 2016, at 20:08, Adam Liter wrote:

> Hello,
>
> I think there might be a bug with libgcrypt 1.7.4 with regard to 
> locking memory on macOS Sierra 10.12.1. Today, the package manager 
> Homebrew bumped to libgcrypt version 1.7.4 (see here: 
> https://github.com/Homebrew/homebrew-core/commit/06820e6fb69114fe33b06a2b2b571f73bb828caf)
>
> After updating my installed packages with Homebrew, I'm no longer able 
> to use gpg2 with --require-secmem (even if I make the gpg2 binary have 
> the setuid root bit flipped, as suggested here: 
> https://lists.gnupg.org/pipermail/gnupg-users/1999-August/004024.html):
>
> ```
>
> $ /usr/local/Cellar/gnupg2/2.0.30_2/bin/gpg2 --version
> gpg (GnuPG) 2.0.30
> libgcrypt 1.7.4
> Copyright (C) 2015 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Home: ~/.gnupg
> Supported algorithms:
> Pubkey: RSA, RSA, RSA, ELG, DSA
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
>         CAMELLIA128, CAMELLIA192, CAMELLIA256
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
>
> $ /usr/local/Cellar/gnupg2/2.0.30_2/bin/gpg2 --require-secmem
> Warning: using insecure memory!
> gpg: will not run with insecure memory due to --require-secmem
>
> ```
>
> On the other hand, I also have a gpg2 binary from the MacGPG Suite, 
> which is linked against an older version of libgcrypt, and is able to 
> execute when passed the --require-secmem option:
>
> ```
>
> $ /usr/local/MacGPG2/bin/gpg2 --version
> gpg (GnuPG/MacGPG2) 2.0.30
> libgcrypt 1.6.6
> Copyright (C) 2015 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Home: ~/.gnupg
> Supported algorithms:
> Pubkey: RSA, RSA, RSA, ELG, DSA
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
>         CAMELLIA128, CAMELLIA192, CAMELLIA256
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
>
> $ /usr/local/MacGPG2/bin/gpg2 --require-secmem
> gpg: Go ahead and type your message ...
> ^C
> gpg: signal Interrupt caught ... exiting
>
> ```
>
> (You can find these same details here: 
> http://apple.stackexchange.com/q/264350/85567)
>
> I don't really know anything about the underlying libraries, so I have 
> no idea what the bug is, but those are my reasons for thinking that 
> there is a bug in the new 1.7.4 version with regard to locking memory 
> in macOS 10.12.1.
>
> Thanks for the great software!
>
> Best,
>
> Adam Liter


