PGP swap to disk?

Werner Koch
Wed, 15 Sep 1999 09:13:27 +0200

Aidan Skinner <> writes:

> I don't understand why GPG needs to be suid, but it might be due to the
> particular kernel call it's making.
Under Linux you need root privileges to do the mlock(2) call. The solution we will use in future are capabilities: It still has to be suid(root) but at the very beginning of the process we can drop all capabilities except for the MLOCK one. It's not yet becuase ther is no libc support and using a syscall directly is taht nice. -- Werner Koch at keyid 621CC013