Setting up gpg on an IRIX web server

Michael Stevens mstevens@imaginet.co.uk
Fri, 4 Feb 2000 10:44:43 +0000


On Thu, Feb 03, 2000 at 11:12:08PM +0100, Johan Wevers wrote:

> Greg McKean wrote:
>
> > I run the command "pgpfiles/gpg.bin" I always recieve the error:
> >
> > gpg: Warning: using insecure memory!
>
> Add the following command-line option:
>
> --no-secmem-warning
> Suppress the warning about "using insecure memory".
>
> Or make gpg suid root (chmod 4755 gpg). Secure memory is memory that can't
> be swapped to disk. But on operating systems that support this feature you
> need root priviliges to get such memory, ordinary users can't. Setting a
> program suid root allows the program to run with root privs although it is
> started by another user - a potential security rusk so you should enable
> this by hand. Without root access to the machine you can't without hacking
> the machine.
The mlock(3) man page on OpenBSD suggests that regular users can lock memory, but only up to a preset quota: -cut-- Since physical memory is a potentially scarce resource, processes are limited in how much they can lock down. A single process can mlock the minimum of a system-wide ``wired pages'' limit and the per-process RLIMIT_MEMLOCK resource limit. -cut--