Trusted key problem with GPG 1.0.1

David T-G
Thu May 16 23:10:01 2002

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Laila --

=2E..and then LW said...
% > There are some security problems with 1.0.1 - you don't want to use
% I also get the insecure memory warning.  Should this be happening if
% they installed it as root?

If it was installed as root, sure.  If it was installed with SUID
permissions, which means it runs not as the caller but as the file owner,
no.  If you see

  ls -lF `which gpg`
  -rwxr-xr-x   1 root ...

then it's installed without any special permissions; if you see

  ls -lF `which gpg`
  -rwsr-xr-x   1 root ...

(note the s instead of the x) then it's installed with SUID perms.

% If necessary, can I install 1.0.7 for myself and use that instead
% of their installed 1.0.1?

Sure; I've run my own gpg for a long time.  You'll definitely have the
secmem warning, though, unless "myself" means "root" :-)

% Thanks again,


% Laila

David T-G                      * It's easier to fight for one's principles
(play) * than to live up to them. -- fortune cookie
(work)    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.7 (GNU/Linux)