False insecure memory warnings...
gabriel rosenkoetter
gr@eclipsed.net
Fri Apr 4 20:59:01 2003
--icsXL8FABjDeMLkQ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Apr 04, 2003 at 12:51:42PM -0500, David Shaw wrote:
> Very interesting. There are a few other reasons that GnuPG might be
> unable to get secure memory. Being not setuid root (on those
> platforms that need it) is only the most common.
What is GnuPG's definition of "secure memory"? Does it have to be
wired kernel memory (to avoid being paged)?
I really hope that NetBSD's sysctls for this didn't change between
1.5 and 1.6; it'll harm binary package compatibility.
> What happens if you run this program out of cron in the same way
> (zsh -c 'time testprog').
Results for all my test cases:
> 52 13 * * * suidtest
UID: 1000
EUID: 0 =20
> 52 13 * * * /usr/local/bin/suidtest
UID: 1000
EUID: 0 =20
> 52 13 * * * time suidtest
UID: 1000
EUID: 0 =20
1.10 real 0.00 user 0.06 sys
> 52 13 * * * zsh -c 'time suidtest'
UID: 1000
EUID: 0 =20
suidtest 0.00s user 0.06s system 2% cpu 2.046 total
> 52 13 * * * zsh -c 'time /usr/local/bin/suidtest'
UID: 1000
EUID: 0 =20
/usr/local/bin/suidtest 0.02s user 0.06s system 6% cpu 1.267 total
So euid isn't the problem, then.
Back to "what's GnuPG do to secure memory"? (Pointing me at the
right source file would be plenty...)
> The other obvious thing to try is to rebuild GnuPG to see if something
> changed in the underlying libraries when you upgraded NetBSD (you may
> have done this already).
Yeah, I do wonder if it's that... but I'm a little reluctant just to
blow away the problem version, since it'd make it hard to figure out
exactly what's causing this. :^>
I am building a new version of GnuPG in exactly the same way
(NetBSD's pkgsrc/security/gnupg), I just won't install it (yet).
(This is only a 300 MHz PowerPC G3 and a mere 20 MB/s SCSI disk,
so I'll let you know when I get a chance to test that version. :^>)
--=20
gabriel rosenkoetter
gr@eclipsed.net
--icsXL8FABjDeMLkQ
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (NetBSD)
iD8DBQE+jdYr9ehacAz5CRoRAnCDAJ9Tm3uFLtyTHEFUrgS6slPmfqT8ZgCfbh4N
gayiLFBoqReFP4hcoy8BGmw=
=fDJR
-----END PGP SIGNATURE-----
--icsXL8FABjDeMLkQ--