post-installation questions
Justin R. Miller
justin@solidlinux.com
Mon Oct 8 21:02:02 2001
Thus spake Tuomas Pellonpera (tp58494@uta.fi):
> This may be more serious. Every time I run gpg, it prints out this
> complaint, "Warning: using insecure memory." How serious is this, and
> what could be done about it?
By default, GnuPG is not installed setuid root, which means that it runs
as the user invoking it (on UNIX systems, anyway) -- just like 99% of
your other user software. If you are not root, then the memory that is
used to hold the unencrypted data as it is encrypted can possibly be
swapped to disk (i.e. "virtual memory") and this disk memory could
theoretically be read by others.
As explained in the GnuPG manual, you may set the setuid root bit on the
binary, which causes it to always run as root, no matter who invokes it.
Then, root's memory is never swapped to disk. The reason that GnuPG is
not installed setuid root by default is that there should be some
caution exercised whenever this bit is set on binaries, as
vulnerabilities in the software can give root privileges to any local
user.
If you wish to set the bit, have a read of 'man chmod' to see how.
However, this message is normal unless you do so.
-- 
| Justin R. Miller / justin@solidlinux.com / 0xC9C40C31
| Of all the things I've lost, I miss my pants the most.
----------------------------------------------------------
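The swap exposure discussed in this message, as an added example that is not part of the original post and is not GnuPG's own code: a buffer for secret data is allocated and the kernel is asked to keep it out of swap, with a fallback warning when that request is refused. It assumes Linux `mmap`/`mlock`; the `secbuf_*` names and the sample secret are hypothetical.

```c
#define _DEFAULT_SOURCE  /* exposes MAP_ANONYMOUS under strict -std= modes */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: a secret buffer and whether it is pinned in RAM. */
struct secbuf {
    void  *ptr;
    size_t len;     /* requested size rounded up to whole pages */
    int    locked;  /* 1 = mlock() succeeded, 0 = pages may reach swap */
};

/* Map private anonymous pages and try to lock them against swapping. */
static int secbuf_alloc(struct secbuf *b, size_t want)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || want == 0) return -1;
    size_t page = (size_t)pg;
    b->len = (want + page - 1) / page * page;
    b->ptr = mmap(NULL, b->len, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b->ptr == MAP_FAILED) { b->ptr = NULL; return -1; }
    b->locked = (mlock(b->ptr, b->len) == 0);
    if (!b->locked)  /* text modelled on the warning quoted in the post */
        fprintf(stderr, "warning: using insecure memory (%s)\n", strerror(errno));
    return 0;
}

/* Wipe before release so the plaintext does not linger in freed pages. */
static void secbuf_free(struct secbuf *b)
{
    volatile unsigned char *p = b->ptr;
    for (size_t i = 0; i < b->len; i++) p[i] = 0;
    munmap(b->ptr, b->len);  /* unmapping also releases the lock */
    b->ptr = NULL; b->len = 0; b->locked = 0;
}

int main(void)
{
    struct secbuf b;
    if (secbuf_alloc(&b, 64) != 0) return 1;
    strcpy(b.ptr, "constructed sample secret");  /* constructed value */
    printf("locked=%d len=%zu\n", b.locked, b.len);
    secbuf_free(&b);
    return 0;
}
```

Whether `mlock` succeeds for an unprivileged process depends on the system's locked-memory limit (`ulimit -l`), so `locked` may be 0 or 1 on a given host.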