Disabling paging/swapping without being root?
Thu Jul 24 23:17:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, Jul 24, 2003 at 04:57:35PM -0400, email@example.com wrote:
> On Linux, at least, one can disable paging/swapping (to keep
> privileged data off the disk) by calling mlockall(2), but only within
> a root process.
> Does Gnupg disable paging/swapping, and if so, can it do it when it
> is run by a regular (non-root) user? If the answer to the second
> question is yes, how does Gnupg do it without using mlockall?
GnuPG does not disable paging in general, but rather locks a
particular chunk of memory and uses that chunk for any data that
should not end up in swap (secret keys, session keys, etc). It's
kinder on the rest of the system than disabling all paging.
Generally, GnuPG needs to be setuid root to do this, but it can also
use POSIX capabilities on those platforms that support it to do the
same thing without being root.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
-----END PGP SIGNATURE-----
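The "lock one chunk, keep all secrets in it" approach described in the reply above, as an added C example that is not GnuPG's own code (GnuPG's real pool lives in its secmem implementation and differs in detail). It assumes Linux with glibc: the pool is an anonymous page-aligned mmap, mlock(2) is tried on just that region, and the result is reported rather than treated as fatal, because on a current kernel an unprivileged process may lock memory up to RLIMIT_MEMLOCK and gets ENOMEM past that, while an old kernel without CAP_IPC_LOCK returns EPERM. The privilege-drop branch shows the order a setuid-root build would use (lock first, then setuid to the real uid); it is skipped when the process is not root. The type and function names (secmem_t, secmem_init, and the rest) are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/resource.h>

/* Hypothetical secure-memory pool: one locked region, every secret lives in it. */
typedef struct {
    unsigned char *base;
    size_t size;
    int locked;      /* 1 if mlock succeeded, 0 if running with an unlocked pool */
    int lock_errno;  /* errno from mlock when locked == 0 (ENOMEM, EPERM, ...) */
} secmem_t;

/* Soft RLIMIT_MEMLOCK in bytes; -1 means unlimited, -2 means getrlimit failed. */
static long secmem_lock_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0)
        return -2;
    return rl.rlim_cur == RLIM_INFINITY ? -1 : (long)rl.rlim_cur;
}

/* Map a page-aligned pool of at least `want` bytes and try to lock it. */
static int secmem_init(secmem_t *s, size_t want)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || want == 0)
        return -1;
    size_t size = ((want + (size_t)page - 1) / (size_t)page) * (size_t)page;
    void *p = mmap(NULL, size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    s->base = p;
    s->size = size;
    s->lock_errno = 0;
    /* Lock only this region, not the whole address space (mlockall). */
    if (mlock(p, size) == 0) {
        s->locked = 1;
    } else {
        s->locked = 0;
        s->lock_errno = errno;   /* caller decides whether unlocked is acceptable */
    }
    /* mlock keeps pages off swap; it does not keep them out of a core dump. */
    struct rlimit nocore = { 0, 0 };
    setrlimit(RLIMIT_CORE, &nocore);
#ifdef MADV_DONTDUMP
    madvise(p, size, MADV_DONTDUMP);
#endif
    /* setuid-root pattern: lock first, then give up root for good. */
    if (geteuid() == 0 && getuid() != 0) {
        if (setuid(getuid()) != 0 || setuid(0) == 0) {
            munmap(p, size);     /* could not drop, or the drop was reversible */
            return -1;
        }
    }
    return 0;
}

/* Copy a secret into the pool; rejects anything larger than the pool. */
static int secmem_store(secmem_t *s, const void *secret, size_t n)
{
    if (n > s->size || secret == NULL)
        return -1;
    memcpy(s->base, secret, n);
    return 0;
}

/* Overwrite through a volatile pointer so the compiler cannot elide the wipe. */
static void secmem_wipe(secmem_t *s)
{
    volatile unsigned char *p = s->base;
    for (size_t i = 0; i < s->size; i++)
        p[i] = 0;
}

static int secmem_is_zero(const secmem_t *s)
{
    for (size_t i = 0; i < s->size; i++)
        if (s->base[i] != 0)
            return 0;
    return 1;
}

/* Wipe, unlock, unmap. Always wipe before the pages can be reused. */
static int secmem_release(secmem_t *s)
{
    secmem_wipe(s);
    if (s->locked)
        munlock(s->base, s->size);
    int rc = munmap(s->base, s->size);
    s->base = NULL;
    s->size = 0;
    return rc;
}

int main(void)
{
    secmem_t pool;
    if (secmem_init(&pool, 4096) != 0) {
        perror("secmem_init");
        return 1;
    }
    printf("pool: %zu bytes, locked=%d (%s), RLIMIT_MEMLOCK=%ld\n", pool.size,
           pool.locked, pool.locked ? "ok" : strerror(pool.lock_errno),
           secmem_lock_limit());
    static const unsigned char key[16] = "constructed-key";  /* sample secret */
    secmem_store(&pool, key, sizeof key);
    /* ... use pool.base as the session key ... */
    return secmem_release(&pool) == 0 ? 0 : 1;
}
```

When locked is 0 with ENOMEM, raise the soft RLIMIT_MEMLOCK (ulimit -l) or shrink the pool; with EPERM, the process lacks CAP_IPC_LOCK on a kernel that still requires it. Either way the secret still works, it just may reach swap, which is the trade-off the reply describes GnuPG making with a warning rather than a refusal.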