using insecure memory

sen_ml@eccosys.com sen_ml@eccosys.com
Sat, 26 Aug 2000 10:23:01 +0900


From: Michael Still <mikal@stillhq.com>
Subject: Re: using insecure memory
Date: Sat, 26 Aug 2000 10:10:16 +1000
Message-ID: <39A70AE8.46F78632@stillhq.com>


> I presume this would make it suid root, because when I run gpg as
> root I never see this insecure memory message. Is the message just
> because root can look at other user's memory spaces? Or is there
> another reason as well?
afaik, if setuid root, gpg uses the system call mlock() (which requires root privileges) to protect certain portions of the process' memory from being swapped to disk. i don't know if there are any other things gpg makes use of if setuid root. there's some documentation related to this in section 2.4 of: http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-2.html (this minihowto is listed in the documents section of the gnupg website) -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org