Insecure Memory Warning on HP-UX 11

Schwant, Gunnar, Dr. (K-GOT-1/1) gunnar.schwant at volkswagen.de
Wed Jan 24 15:55:50 CET 2007


Hi! 

We installed GnuPG 1.4.2.2 on HP-UX 11 as released by HP: 
  
 
<http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumbe
r=HPUXIEXP1111>
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber
=HPUXIEXP1111 
 
<http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumbe
r=HPUXIEXP1123>
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber
=HPUXIEXP1123 

Unfortunately, GnuPG displays a warning about insecure memory: 

--- 
gpg: Warning: using insecure memory! 
--- 

We tried to fix this by following the advise of the GnuPG FAQ 

 <http://www.gnupg.org/(en)/documentation/faqs.html#q6.1>
http://www.gnupg.org/(en)/documentation/faqs.html#q6.1 

and did setuid(root) permissions on the gpg binary. However, after we did
this the 
problem even got worse. GnuPG now refuses to work at all. I get the
following error 
message: 

--- 
gpg: Ohhhh jeeee: ... this is a bug (g10.c:1768:main) 
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768 
Abort 
--- 

I have searched the web to find out what this error message is about and got
the 
impression that there appears to be a problem with dropping the suid(root)
privs. 
GnuPG drops root privileges as soon as locked memory is allocated. 
After dropping the suid(root) privs, the effective and the real user id
should be 
identical. GnuPG performs an extra check to verify this. As this check fails
the 
program displays the above error message and aborts. 

(See
<http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021824.html>
http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021824.html , 
 <http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021826.html>
http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021826.html , 
 <http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021827.html>
http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021827.html , 
 <http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021828.html>
http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/021828.html .) 

What do you think: Is this a problem which has to be adressed to HP or to
the developers of GnuPG? 

Any help or advise is very appreciated. 

Many thanks and best regards, 

Gunnar. 




More information about the Gnupg-users mailing list