Re: pkg/31547 (gnupg needs setuid-bit on Linux)

To: joel%carnat.net@localhost
Subject: Re: pkg/31547 (gnupg needs setuid-bit on Linux)
From: Joerg Sonnenberger <joerg%britannica.bec.de@localhost>
Date: Thu, 28 Dec 2006 00:14:59 +0100

On Thu, Dec 28, 2006 at 02:11:52AM +0100, joel%carnat.net@localhost wrote:
> I don't know what is right on NetBSD platform, but what the FAQ says is:
> 
> 6.1  Why do I get "gpg: Warning: using insecure memory!"
> On many systems this program should be installed as setuid(root). This is
> necessary to lock memory pages. Locking memory pages prevents the
> operating system from writing them to disk and thereby keeping your secret
> keys really secret. If you get no warning message about insecure memory
> your operating system supports locking without being root. The program
> drops root privileges as soon as locked memory is allocated.
> ...
> If you can't or don't want to install GnuPG setuid(root), you can use the
> option "--no-secmem-warning"

You can also disable the warning in the config file. Explaining why it
might be wanted or not is what I want to see in the man page.

On the NetBSD for example, there's a normal rlimit on the number of
locked pages, unless you go over that limit you don't need setuid at
all.

Joerg

Follow-Ups:
- Re: pkg/31547 (gnupg needs setuid-bit on Linux)
  - From: joel

References:
- Re: pkg/31547 (gnupg needs setuid-bit on Linux)
  - From: joerg
- Re: pkg/31547 (gnupg needs setuid-bit on Linux)
  - From: joel

Prev by Date: Re: pkg/31547 (gnupg needs setuid-bit on Linux)
Next by Date: Re: pkg/31547 (gnupg needs setuid-bit on Linux)
Previous by Thread: Re: pkg/31547 (gnupg needs setuid-bit on Linux)
Next by Thread: Re: pkg/31547 (gnupg needs setuid-bit on Linux)
Indexes:

Home | Main Index | Thread Index | Old Index