Sat, 26 Jun 1999 00:21:44 +0200 (CEST)
On Fri, 25 Jun 1999, Ben Woodard wrote:
> What triggers this message? Is there something that we can do about it
> to make our memory secure? Can you say to Unix, "send me this signal
> if you need to swap a page?" or "Don't swap this page or else I will
> have to kill err I mean reboot you."
I feel free to quote the man page of GnuPG:
On many systems this program should be installed as
setuid(root). This is necessary to lock memory pages.
Locking memory pages prevents the operating system from
writing memory pages to disk. If you get no warning
message about insecure memory your operating system
supports locking without being root. The program drops
root privileges as soon as locked memory is allocated.
However, the whole thread of pros and contras on protecting memory pages
to prevent paging them to disk is discussed very controversly.
When you think about you will note that everone who is able to get access
with privileges to read out the paging area of the disk is also able to
manipulate the system in all possible ways including substituting the gpg
binary with a manipulated one.
In my view (and many others) their is absolutly no security improvement by
protecting memory pages from writing them to disk. As noted by someone
else you can switch off the warning message with --no-secmem-warning.