Implications of using insecure memory

Shawn K. Quinn skquinn at xevious.kicks-ass.net
Mon Oct 4 07:50:37 CEST 2004


On Saturday 02 October 2004 18:29, shatadal at vfemail.net wrote:
> Hi,
>
> I am a new user of gnupg. I use gnupg on my windows laptop and linux
> desktop. Thie first time I tried to run gpg on linux as a user I got
> the insecure memory warning:
>
> "gpg: WARNING: using insecure memory!"
>
> On reading the faq I read
>
> "On some systems (e.g., Windows) GnuPG does not lock memory pages and
> older GnuPG versions (<=1.0.4) issue the warning:
>
> gpg: Please note that you don't have secure memory
>
> This warning can't be switched off by the above option because it was
> thought to be too serious an issue. However, it confused users too
> much, so the warning was eventually removed"
>
> As a new user I want to know what are the implications of using gpg
> with insecure memory in windows and linux, how serious are they and
> what steps can I take to improve security? Does insecure memory mean
> that I should not use gpg on sych systems?

The security risks from using Windows are such that I would be very 
leery of relying on an encryption application to provide any security 
on a Windows computer.

As far as GNU/Linux, it's simple to get rid of this warning, you can 
simply run "chmod u+s `which gpg`" (GnuPG will detect that it's running 
setuid root and drop privileges).

-- 
Shawn K. Quinn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20041004/f597bfb9/attachment.bin


More information about the Gnupg-users mailing list