Insecure memory

John Bacalle john@unixen.org
Tue, 22 Aug 2000 14:17:54 -0400


On Tue, Aug 22, 2000 at 01:43:53PM +0000, Subba Rao wrote:
-snip 'gpg -?' does not show --no-secmem-warning-

> > You do not really have the 1.0.2 manpage, then.

> > --no-secmem-warning
> >     Suppress the warning about "using insecure memory".

> I am talking about the command line options for the "gpg" command. The
> man page may be uniform across different versions.
>
> Here is the output of "gpg -?" (I have cropped out the initial few lines)
-snip-
> -------------------------------------
>
> I do not see a --no-secmem-warning option.

Under a RHL gpg 1.0.1 install I see the same thing as you, Subba. Note, the docs are works in progress, as the gnupg.org site clearly and repeatedly mentions.

Follow either option and clear the insecure memory issue. I just took advantage of Peter's advice (thanks, Peter!) and cured that symptom on my system, which I'd been procrastinating on.

One question though, from the man page:

    BUGS
        On many systems this program should be installed as
        setuid(root). This is necessary to lock memory pages.
        Locking memory pages prevents the operating system from
        writing memory pages to disk. If you get no warning message
        about insecure memory your operating system supports
        locking without being root. The program drops root
        privileges as soon as locked memory is allocated.

Does the last sentence mean, 'setting SUID root' security concerns are ameliorated as "... locked memory is allocated"?

John

--
John Bacalle