PGP swap to disk?

[Werner Koch]

Aidan Skinner <aidan@skinner.demon.co.uk> writes:

> I don't understand why GPG needs to be suid, but it might be due to the
> particular kernel call it's making. 

Under Linux you need root privileges to do the mlock(2) call.  The
solution we will use in future are capabilities:  It still has to be
suid(root) but at the very beginning of the process we can drop all
capabilities except for the MLOCK one.

It's not yet becuase ther is no libc support and using a syscall
directly is taht nice.


-- 
Werner Koch at guug.de           www.gnupg.org           keyid 621CC013