Warning messages.

Michael Roth mroth@nessie.de
Sat, 26 Jun 1999 00:21:44 +0200 (CEST)

On Fri, 25 Jun 1999, Ben Woodard wrote:

> What triggers this message? Is there something that we can do about it
> to make our memory secure? Can you say to Unix, "send me this signal
> if you need to swap a page?" or "Don't swap this page or else I will
> have to kill err I mean reboot you."
I feel free to quote the man page of GnuPG: On many systems this program should be installed as setuid(root). This is necessary to lock memory pages. Locking memory pages prevents the operating system from writing memory pages to disk. If you get no warning message about insecure memory your operating system supports locking without being root. The program drops root privileges as soon as locked memory is allocated. However, the whole thread of pros and contras on protecting memory pages to prevent paging them to disk is discussed very controversly. When you think about you will note that everone who is able to get access with privileges to read out the paging area of the disk is also able to manipulate the system in all possible ways including substituting the gpg binary with a manipulated one. In my view (and many others) their is absolutly no security improvement by protecting memory pages from writing them to disk. As noted by someone else you can switch off the warning message with --no-secmem-warning. cu Michael