Questions about GPGME / GnuPG library
Taral
taral at taral.net
Wed Dec 6 22:11:27 CET 2000
Quoting Florian Weimer <Florian.Weimer at RUS.Uni-Stuttgart.DE>:
> Taral <taral at taral.net> writes:
>
> > If GPG were a library, your program (which may or may not be safe)
> > would also have to be setuid-root to take advantage of secure
> > memory.
>
> If this is really an issue (many applications which would benifit from
> an OpenPGP library only need OpenPGP packet parsing and signature
> verification), it's better to fix the operating system to provide a
> certain (limited) amount of secure memory to unprivileged processes --
> or use encrypted swap.
Actually, I put out an RFC on this list a little while ago proposing a solution
to our problem. It would modularize GPG such that people could use the pieces
they needed. I am not, however, going to start on that until GPG itself it more
cleanly implemented.
--
Taral <taral at taral.net>
More information about the Gnupg-devel
mailing list