Trusted key problem with GPG 1.0.1

David T-G davidtg-gnupg@justpickone.org
Thu May 16 23:10:01 2002


--U3s59FfKcByyGl+j
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Laila --

=2E..and then LW said...
%=20
% > There are some security problems with 1.0.1 - you don't want to use
=2E..
%=20
% I also get the insecure memory warning.  Should this be happening if
% they installed it as root?

If it was installed as root, sure.  If it was installed with SUID
permissions, which means it runs not as the caller but as the file owner,
no.  If you see

  ls -lF `which gpg`
  -rwxr-xr-x   1 root ...

then it's installed without any special permissions; if you see

  ls -lF `which gpg`
  -rwsr-xr-x   1 root ...

(note the s instead of the x) then it's installed with SUID perms.


%=20
% If necessary, can I install 1.0.7 for myself and use that instead
% of their installed 1.0.1?

Sure; I've run my own gpg for a long time.  You'll definitely have the
secmem warning, though, unless "myself" means "root" :-)


%=20
% Thanks again,

HTH & HAND


%=20
% Laila


:-D
--=20
David T-G                      * It's easier to fight for one's principles
(play) davidtg@justpickone.org * than to live up to them. -- fortune cookie
(work) davidtgwork@justpickone.org
http://www.justpickone.org/davidtg/    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!


--U3s59FfKcByyGl+j
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE85CB4Gb7uCXufRwARAi/yAKDLrWcIotduO5WbW17VwHfuC5xn4ACgpbX0
nZGzzsG4fjdtpXB8xOLTsqM=
=QyzC
-----END PGP SIGNATURE-----

--U3s59FfKcByyGl+j--