Implications of using insecure memory
Shawn K. Quinn
skquinn at xevious.kicks-ass.net
Mon Oct 4 07:50:37 CEST 2004
On Saturday 02 October 2004 18:29, shatadal at vfemail.net wrote:
> I am a new user of gnupg. I use gnupg on my windows laptop and linux
> desktop. Thie first time I tried to run gpg on linux as a user I got
> the insecure memory warning:
> "gpg: WARNING: using insecure memory!"
> On reading the faq I read
> "On some systems (e.g., Windows) GnuPG does not lock memory pages and
> older GnuPG versions (<=1.0.4) issue the warning:
> gpg: Please note that you don't have secure memory
> This warning can't be switched off by the above option because it was
> thought to be too serious an issue. However, it confused users too
> much, so the warning was eventually removed"
> As a new user I want to know what are the implications of using gpg
> with insecure memory in windows and linux, how serious are they and
> what steps can I take to improve security? Does insecure memory mean
> that I should not use gpg on sych systems?
The security risks from using Windows are such that I would be very
leery of relying on an encryption application to provide any security
on a Windows computer.
As far as GNU/Linux, it's simple to get rid of this warning, you can
simply run "chmod u+s `which gpg`" (GnuPG will detect that it's running
setuid root and drop privileges).
Shawn K. Quinn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20041004/f597bfb9/attachment.bin
More information about the Gnupg-users