GnuPG + FreeBSD 5.3 = intermitent memory warning

Atom 'Smasher' atom at
Mon Dec 13 02:24:17 CET 2004

Hash: SHA256

** cross posted **

for those not familiar with GnuPG, read here for relevant background info:

if the binary is suid-root, it should not generate warnings about insecure 
memory. my binary *is* suid-root, and whether it's run as a privileged or 
unprivileged user i get intermittent warnings about insecure memory.

i only noticed this intermittent behavior after upgrading from FreeBSD 4.9 
to 5.3. i'm seeing essentially the same results with GnuPG 1.2 and 1.3 

attached is a script and the output from 1000000 invocations of gpg (just 
over 24 hours on a duron-1200). there were 543398 (almost 55%) errors. at 
first i thought that there was a relation between the errors and 
downloading large files, but now i'm not sure if that's a factor.

SHA-1 checksums:
   126694aa13085e757c1fb75e105549b9d6997fc2 gnupg_err.txt.gz

the "gnupg_err.txt" was produced by running:
 	./ 1000 1000 | tee gnupg_err.txt

On Fri, 10 Dec 2004, David Shaw wrote:
> On Wed, Dec 08, 2004 at 02:12:30AM -0500, Atom 'Smasher' wrote:
>> i thought i was either going crazy or stupid, but i really am getting
>> intermittent warnings:
>>  	WARNING: using insecure memory!
>> the test above is unique, because usually in a test of 100, 500, or 1000
>> trials i get either 0% or 100% warnings. before getting that result, i got
>> a bunch of 100% error... after running that test i got a bunch of 0%
>> error.
>> i suspect that it might be a bug in FreeBSD 5.3-RELEASE since i haven't
>> noticed it before. now i'm having the same problem with 1.2.6 and 1.3.92.
>> has anyone else noticed this?
> I tried to duplicate it on Linux, but without any luck.  It might be a
> FreeBSD thing, or it might be something particular to your machine?
> I've never heard of this happenening, even on FreeBSD, so I don't know
> what to think yet.
>> please advise how to trace this problem when it appears... i'm not sure
>> which --debug flag(s) or process-tracking applications (with what options)
>> will be most useful.
> If you do C, take a peek at the code in util/secmem.c:lock_pool.  It
> is unfortunately quite rich in #ifdefs since locking memory is pretty
> platform-specific.  Add some debugging there - say, printing out errno
> whenever mlock() returns -1.

i'm not much good in C :(

- -- 

  PGP key -
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

 	"Military men are just dumb stupid animals
 	 to be used as pawns in foreign policy."
 		-- Henry Kissinger,
 	Kiss the Boys Goodbye: How the United
 	States Betrayed Its Own POWs in Vietnam

Version: GnuPG v1.3.92 (FreeBSD)
Comment: What is this gibberish?

-------------- next part --------------
A non-text attachment was scrubbed...
Type: application/octet-stream
Size: 536 bytes
Url : /pipermail/attachments/20041212/c79621d1/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnupg_err.txt.gz
Type: application/octet-stream
Size: 4081 bytes
Url : /pipermail/attachments/20041212/c79621d1/gnupg_err.txt.exe

More information about the Gnupg-devel mailing list