False insecure memory warnings...
Fri Apr 4 23:31:01 2003
Content-Type: text/plain; charset=us-ascii
On Fri, Apr 04, 2003 at 01:59:55PM -0500, gabriel rosenkoetter wrote:
> On Fri, Apr 04, 2003 at 12:51:42PM -0500, David Shaw wrote:
> > Very interesting. There are a few other reasons that GnuPG might be
> > unable to get secure memory. Being not setuid root (on those
> > platforms that need it) is only the most common.
> What is GnuPG's definition of "secure memory"? Does it have to be
> wired kernel memory (to avoid being paged)?
> I really hope that NetBSD's sysctls for this didn't change between
> 1.5 and 1.6; it'll harm binary package compatibility.
> > What happens if you run this program out of cron in the same way
> > (zsh -c 'time testprog').
[ not that either ]
> So euid isn't the problem, then.
> Back to "what's GnuPG do to secure memory"? (Pointing me at the
> right source file would be plenty...)
util/secmem.c. In particular see lock_pool().
I wonder if the BSD login.conf rlimit stuff might be biting you here.
If cron has a smaller "memorylocked" value than you do when running
=66rom the shell, then the mlock call can fail and cause the symptoms
you see. I do know there was a change to the NetBSD cron recently to
have it start using login_cap, but I don't know what release that was
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc1 (GNU/Linux)
-----END PGP SIGNATURE-----