Insecure Memory Warning on HP-UX 11
Schwant, Gunnar, Dr. (K-GOT-1/1)
gunnar.schwant at volkswagen.de
Wed Jan 24 15:55:50 CET 2007
Hi!
We installed GnuPG 1.4.2.2 on HP-UX 11 as released by HP:
<http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumbe
r=HPUXIEXP1111>
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber
=HPUXIEXP1111
<http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumbe
r=HPUXIEXP1123>
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber
=HPUXIEXP1123
Unfortunately, GnuPG displays a warning about insecure memory:
---
gpg: Warning: using insecure memory!
---
We tried to fix this by following the advise of the GnuPG FAQ
<http://www.gnupg.org/(en)/documentation/faqs.html#q6.1>
http://www.gnupg.org/(en)/documentation/faqs.html#q6.1
and did setuid(root) permissions on the gpg binary. However, after we did
this the
problem even got worse. GnuPG now refuses to work at all. I get the
following error
message:
---
gpg: Ohhhh jeeee: ... this is a bug (g10.c:1768:main)
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768
Abort
---
I have searched the web to find out what this error message is about and got
the
impression that there appears to be a problem with dropping the suid(root)
privs.
GnuPG drops root privileges as soon as locked memory is allocated.
After dropping the suid(root) privs, the effective and the real user id
should be
identical. GnuPG performs an extra check to verify this. As this check fails
the
program displays the above error message and aborts.
(See
<http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021824.html>
http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021824.html ,
<http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021826.html>
http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021826.html ,
<http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021827.html>
http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021827.html ,
<http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021828.html>
http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021828.html .)
What do you think: Is this a problem which has to be adressed to HP or to
the developers of GnuPG?
Any help or advise is very appreciated.
Many thanks and best regards,
Gunnar.
More information about the Gnupg-users
mailing list