PGP swap to disk?
Wed, 15 Sep 1999 09:13:27 +0200
Aidan Skinner <firstname.lastname@example.org> writes:
> I don't understand why GPG needs to be suid, but it might be due to the
> particular kernel call it's making.
Under Linux you need root privileges to do the mlock(2) call. The
solution we will use in future are capabilities: It still has to be
suid(root) but at the very beginning of the process we can drop all
capabilities except for the MLOCK one.
It's not yet becuase ther is no libc support and using a syscall
directly is taht nice.
Werner Koch at guug.de www.gnupg.org keyid 621CC013