Re: pkg/31547 (gnupg needs setuid-bit on Linux)

[Joerg Sonnenberger <joerg%britannica.bec.de@localhost>]

The following reply was made to PR pkg/31547; it has been noted by GNATS.

From: Joerg Sonnenberger <joerg%britannica.bec.de@localhost>
To: joel%carnat.net@localhost
Cc: gnats-bugs%NetBSD.org@localhost, rillig%netbsd.org@localhost,
        linux-pkg-people%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost,
        gnats-admin%netbsd.org@localhost, joerg%netbsd.org@localhost
Subject: Re: pkg/31547 (gnupg needs setuid-bit on Linux)
Date: Thu, 28 Dec 2006 00:14:59 +0100

 On Thu, Dec 28, 2006 at 02:11:52AM +0100, joel%carnat.net@localhost wrote:
 > I don't know what is right on NetBSD platform, but what the FAQ says is:
 > 
 > 6.1  Why do I get "gpg: Warning: using insecure memory!"
 > On many systems this program should be installed as setuid(root). This is
 > necessary to lock memory pages. Locking memory pages prevents the
 > operating system from writing them to disk and thereby keeping your secret
 > keys really secret. If you get no warning message about insecure memory
 > your operating system supports locking without being root. The program
 > drops root privileges as soon as locked memory is allocated.
 > ...
 > If you can't or don't want to install GnuPG setuid(root), you can use the
 > option "--no-secmem-warning"
 
 You can also disable the warning in the config file. Explaining why it
 might be wanted or not is what I want to see in the man page.
 
 On the NetBSD for example, there's a normal rlimit on the number of
 locked pages, unless you go over that limit you don't need setuid at
 all.
 
 Joerg