[svn] GnuPG - r5483 - trunk/doc
svn author wk
cvs at cvs.gnupg.org
Tue Nov 16 11:38:13 CET 2010
Author: wk
Date: 2010-11-16 11:38:13 +0100 (Tue, 16 Nov 2010)
New Revision: 5483
Modified:
trunk/doc/faq.org
Log:
Update FAQ
Modified: trunk/doc/faq.org
===================================================================
--- trunk/doc/faq.org 2010-11-11 15:08:48 UTC (rev 5482)
+++ trunk/doc/faq.org 2010-11-16 10:38:13 UTC (rev 5483)
@@ -20,10 +20,9 @@
*WARNING: This FAQ is heavily outdated*. Mentioned versions of GnuPG
have reached end of life many years ago. Almost all bugs and problems
have been fixed in the now current versions of GnuPG. We will try to
-update this FAQ in the next month.
+update this FAQ in the next month. See the section "Changes" for recent updates.
-
* Welcome
:PROPERTIES:
:CUSTOM_ID: welcome
@@ -919,7 +918,33 @@
:CUSTOM_ID: why-do-i-get-gpg_warning_using_insecure_memory
:END:
- On many systems this program should be installed as setuid(root).
+ You see this warning if GPG is not able to lock pages against being
+ swapped out to disk.
+
+ However, on most modern system you should not see this message
+ anymore because these systems allow any process to prevent a small
+ number of memory pages from being swapped out to disk (using the
+ mlock system call). Other (mostly older) systems don't allow this
+ unless you install GPG as setuid(root).
+
+ Locking pages against being swapped out is not necessary if your
+ system uses an encrypted swap partition. In fact that is the best
+ way to protect sensitive data from ending up on a disk. If your
+ system allows for encrypted swap partitions, please make use of
+ that feature. Note that GPG does not know about encrypted swap
+ partitions and might print the warning; thus you should disabled
+ the warning if your swap partition is encrypted. You may also want
+ to disable this warning if you can't or don't want to install GnuPG
+ setuid(root). To disable the warning you put a line
+
+ : no-secmem-warning
+
+ into your ~/.gnupg/gpg.conf file.
+
+ What follows is a short description on how to install GPG
+ setuid(root); for those who need this.
+
+ On some systems this program should be installed as setuid(root).
This is necessary to lock memory pages. Locking memory pages
prevents the operating system from writing them to disk and thereby
keeping your secret keys really secret. If you get no warning
@@ -944,14 +969,6 @@
: $ filepriv -f plock /path/to/gpg
- If you can't or don't want to install GnuPG setuid(root), you can
- use the option "--no-secmem-warning" or put:
-
- : no-secmem-warning
-
- in your ~/.gnupg/options or ~/.gnupg/gpg.conf file (this disables
- the warning).
-
On some systems (e.g., Windows) GnuPG does not lock memory pages
and older GnuPG versions (<=1.0.4) issue the warning:
@@ -1456,6 +1473,13 @@
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
+* Changes
+
+ - 2010-11-14: Update "gpg: Warning: using insecure memory!"
+
+
+
+
* COMMENT HTML style specifications
#+begin_src emacs-lisp
More information about the Gnupg-commits
mailing list