GnuPG + FreeBSD 5.3 = intermitent memory warning

Atom 'Smasher' atom at suspicious.org
Mon Dec 13 02:24:17 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

** cross posted **

for those not familiar with GnuPG, read here for relevant background info: 
http://www.gnupg.org/documentation/faqs.html#q6.1

if the binary is suid-root, it should not generate warnings about insecure 
memory. my binary *is* suid-root, and whether it's run as a privileged or 
unprivileged user i get intermittent warnings about insecure memory.

i only noticed this intermittent behavior after upgrading from FreeBSD 4.9 
to 5.3. i'm seeing essentially the same results with GnuPG 1.2 and 1.3 
branches.

attached is a script and the output from 1000000 invocations of gpg (just 
over 24 hours on a duron-1200). there were 543398 (almost 55%) errors. at 
first i thought that there was a relation between the errors and 
downloading large files, but now i'm not sure if that's a factor.

SHA-1 checksums:
   126694aa13085e757c1fb75e105549b9d6997fc2 gnupg_err.txt.gz
   6332229dafcc8f5b4becfc74fd2f39b9af4d2164 gpg_memory_warning.sh.gz

the "gnupg_err.txt" was produced by running:
 	./gpg_memory_warning.sh 1000 1000 | tee gnupg_err.txt



On Fri, 10 Dec 2004, David Shaw wrote:
> On Wed, Dec 08, 2004 at 02:12:30AM -0500, Atom 'Smasher' wrote:
>
>> i thought i was either going crazy or stupid, but i really am getting
>> intermittent warnings:
>>  	WARNING: using insecure memory!
>>
>> the test above is unique, because usually in a test of 100, 500, or 1000
>> trials i get either 0% or 100% warnings. before getting that result, i got
>> a bunch of 100% error... after running that test i got a bunch of 0%
>> error.
>>
>> i suspect that it might be a bug in FreeBSD 5.3-RELEASE since i haven't
>> noticed it before. now i'm having the same problem with 1.2.6 and 1.3.92.
>> has anyone else noticed this?
>
> I tried to duplicate it on Linux, but without any luck.  It might be a
> FreeBSD thing, or it might be something particular to your machine?
> I've never heard of this happenening, even on FreeBSD, so I don't know
> what to think yet.
>
>> please advise how to trace this problem when it appears... i'm not sure
>> which --debug flag(s) or process-tracking applications (with what options)
>> will be most useful.
>
> If you do C, take a peek at the code in util/secmem.c:lock_pool.  It
> is unfortunately quite rich in #ifdefs since locking memory is pretty
> platform-specific.  Add some debugging there - say, printing out errno
> whenever mlock() returns -1.
=================

i'm not much good in C :(



- -- 
         ...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"Military men are just dumb stupid animals
 	 to be used as pawns in foreign policy."
 		-- Henry Kissinger,
 	Kiss the Boys Goodbye: How the United
 	States Betrayed Its Own POWs in Vietnam

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.92 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iQEcBAEBCAAGBQJBvO9JAAoJEAx/d+cTpVci1qIH/A2wqA3gUjm2waWnzqBsKEj1
NiEp4cIbxsrDRsFzmHxlJzSL322toXoDIbBVKvsBLqH9ZgtTos3Kc26sk+Vt1lo9
IpsKj2QxXEcXKgs6drVgLXacfgldcl/WCY2iuicdMs5gw/415rKZQyS/Eerhx7jm
0K+xGxhfJYaaS6lPswZvB1GeANwxU9nVrbmbTb/6roNiMxL6O8BThwP3jD/Ne+FB
v7YxkbFQUyqq4WMO3Qfee2gy9zox+BG8oaC7xBNlvlGZXH7sPlotzJkpZhKVoBHF
o5TM+vSYSGJV/OvXEH/XaWKApC1e+mfCKYqrCi0eMiT8X4bXofVAcry0oc1HMOQ=
=z+OV
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gpg_memory_warning.sh.gz
Type: application/octet-stream
Size: 536 bytes
Desc: 
Url : /pipermail/attachments/20041212/c79621d1/gpg_memory_warning.sh.exe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnupg_err.txt.gz
Type: application/octet-stream
Size: 4081 bytes
Desc: 
Url : /pipermail/attachments/20041212/c79621d1/gnupg_err.txt.exe


More information about the Gnupg-devel mailing list