Insecure memory

Subba Rao Subba Rao <subb3@attglobal.net>
Tue, 22 Aug 2000 18:36:00 +0000


On  0, John Bacalle <john@unixen.org> wrote:

> On Tue, Aug 22, 2000 at 01:43:53PM +0000, Subba Rao wrote:
> -snip 'gpg -?' does not show --no-secmem-warning-
> > > You do not really have the 1.0.2 manpage, then.
>
> > > --no-secmem-warning
> > > Suppress the warning about "using insecure mem-
> > > ory".
>
> > I am talking about the command line options for the "gpg" command. The
> > man page may be uniform across different versions.
> >
> > Here is the output of "gpg -?" (I have cropped out the initial few lines)
> -snip-
> > -------------------------------------
> >
> > I do not see a --no-secmem-warning option.
>
> Under a RHL gpg 1.0.1 install I see the same thing as you, Subba.
>
> Note, the docs are works in progress as the gnupg.org sites clearly and
> repeatedly mentions. Follow either option and clear the insecure memory
> issue.
>
> I just took advantage of Peter's advice (thanks, Peter!) and cured that
> symptom on my system, which I'd been procrastinating on. One question
> though, from the man page:
>
> BUGS
> On many systems this program should be installed as
> setuid(root). This is necessary to lock memory pages.
> Locking memory pages prevents the operating system from
> writing memory pages to disk. If you get no warning mes­
> sage about insecure memory your operating system supports
> locking without being root. The program drops root privi­
> leges as soon as locked memory is allocated.
>
> Does the last sentence mean, 'setting SUID root' security concerns are
> ameliorated as "... locked memory is allocated"?
>
> John
>
Thank you very much for this solution! The setuid flag has fixed the "insecure memory" problem. -- Subba Rao subb3@attglobal.net http://pws.prserv.net/truemax/ => Time is relative. Here is a new way to look at time. <= http://www.smcinnovations.com -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org