Disabling paging/swapping without being root?
David Shaw
dshaw@jabberwocky.com
Thu Jul 24 23:17:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, Jul 24, 2003 at 04:57:35PM -0400, kynn@panix.com wrote:
>
>
>
> On Linux, at least, one can disable paging/swapping (to keep
> privileged data off the disk) by calling mlockall(2), but only within
> a root process.
>
> Does Gnupg disable paging/swapping, and if so, can it do it when it
> is run by a regular (non-root) user? If the answer to the second
> question is yes, how does Gnupg do it without using mlockall?
GnuPG does not disable paging in general, but rather locks a
particular chunk of memory and uses that chunk for any data that
should not end up in swap (secret keys, session keys, etc). It's
kindler on the rest of the system than disabling all paging.
Generally, GnuPG need to be setuid root to do this, but it can also
use POSIX capabilities on those platforms that support it to do the
same thing without being root.
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iD8DBQE/IE0g4mZch0nhy8kRAreFAJ9nnikp/QWOMpFKMJr5dSMWL+RMVACgtP9k
WBiokXX015gAQjEhYOX/D2c=
=meOT
-----END PGP SIGNATURE-----