Insecure Memory Warning on HP-UX 11
Joseph Oreste Bruni
brunij at earthlink.net
Thu Jan 25 01:34:32 CET 2007
This is probably an HP packaging problem. I've built GPG on HP-UX
11.11 and it works fine with the setuid-root bit enabled.
The only problems I've encountered with older versions of GPG were
with regards to libiconv and gettext not being present.
Joe
On Jan 24, 2007, at 7:55 AM, Schwant, Gunnar, Dr. (K-GOT-1/1) wrote:
> Hi!
>
> We installed GnuPG 1.4.2.2 on HP-UX 11 as released by HP:
>
>
> <http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?
> productNumbe
> r=HPUXIEXP1111>
> http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?
> productNumber
> =HPUXIEXP1111
>
> <http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?
> productNumbe
> r=HPUXIEXP1123>
> http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?
> productNumber
> =HPUXIEXP1123
>
> Unfortunately, GnuPG displays a warning about insecure memory:
>
> ---
> gpg: Warning: using insecure memory!
> ---
>
> We tried to fix this by following the advise of the GnuPG FAQ
>
> <http://www.gnupg.org/(en)/documentation/faqs.html#q6.1>
> http://www.gnupg.org/(en)/documentation/faqs.html#q6.1
>
> and did setuid(root) permissions on the gpg binary. However, after
> we did
> this the
> problem even got worse. GnuPG now refuses to work at all. I get the
> following error
> message:
>
> ---
> gpg: Ohhhh jeeee: ... this is a bug (g10.c:1768:main)
> secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768
> Abort
> ---
>
> I have searched the web to find out what this error message is
> about and got
> the
> impression that there appears to be a problem with dropping the suid
> (root)
> privs.
> GnuPG drops root privileges as soon as locked memory is allocated.
> After dropping the suid(root) privs, the effective and the real
> user id
> should be
> identical. GnuPG performs an extra check to verify this. As this
> check fails
> the
> program displays the above error message and aborts.
>
> (See
> <http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/
> 021824.html>
> http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/
> 021824.html ,
> <http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/
> 021826.html>
> http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/
> 021826.html ,
> <http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/
> 021827.html>
> http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/
> 021827.html ,
> <http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/
> 021828.html>
> http://lists.gnupg.org/pipermail/gnupg-devel/2005-February/
> 021828.html .)
>
> What do you think: Is this a problem which has to be adressed to HP
> or to
> the developers of GnuPG?
>
> Any help or advise is very appreciated.
>
> Many thanks and best regards,
>
> Gunnar.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2508 bytes
Desc: not available
Url : /pipermail/attachments/20070124/f4eeda2a/attachment-0001.bin
More information about the Gnupg-users
mailing list