Mailing List Archive

Re: Warning messages.
I'm getting this message too, on a remote system (my web host). Anything I
can do about it?

> On Fri, Jun 25, 1999 at 04:09:19PM +0200, Marcin Okraszewski wrote:
> > gpg: Warning: using insecure memory!
>
> This is a serious warning that your secret keys could end up in a disk
> swapfile or whatever. If you're happy to live with that risk (e.g. on a
> standalone private workstation) then you can put
>
> no-secmem-warning
>
> in .gnupg/options to make it go away.
>
Re: Warning messages.
What triggers this message? Is there something that we can do about it
to make our memory secure? Can you say to Unix, "send me this signal
if you need to swap a page?" or "Don't swap this page or else I will
have to kill err I mean reboot you."

-ben

> I'm getting this message too, on a remote system (my web host). Anything I
> can do about it?
>
> > On Fri, Jun 25, 1999 at 04:09:19PM +0200, Marcin Okraszewski wrote:
> > > gpg: Warning: using insecure memory!
> >
> > This is a serious warning that your secret keys could end up in a disk
> > swapfile or whatever. If you're happy to live with that risk (e.g. on a
> > standalone private workstation) then you can put
> >
> > no-secmem-warning
> >
> > in .gnupg/options to make it go away.
> >
>
Re: Warning messages.
On Fri, Jun 25, 1999 at 11:19:58AM -0700, Ben Woodard wrote:

> What triggers this message? Is there something that we can do about it
> to make our memory secure? Can you say to Unix, "send me this signal
> if you need to swap a page?" or "Don't swap this page or else I will
> have to kill err I mean reboot you."

With this message, GnuPG tries to tell you that it can't lock a page
in memory, because on your system only root is allowed to do so.

To make it go away, you'll have to call gpg with root privileges.
The easiest way to do this is to make it suid root.

--
Christian Ullrich
Registered Linux User #125183
Re: Warning messages.
On Fri, 25 Jun 1999, Ben Woodard wrote:

> What triggers this message? Is there something that we can do about it
> to make our memory secure? Can you say to Unix, "send me this signal
> if you need to swap a page?" or "Don't swap this page or else I will
> have to kill err I mean reboot you."

I feel free to quote the man page of GnuPG:

    On many systems this program should be installed as
    setuid(root). This is necessary to lock memory pages.
    Locking memory pages prevents the operating system from
    writing memory pages to disk. If you get no warning
    message about insecure memory your operating system
    supports locking without being root. The program drops
    root privileges as soon as locked memory is allocated.

However, the whole thread of pros and cons on protecting memory pages
to prevent paging them to disk is discussed very controversially.
When you think about it you will note that everyone who is able to get access
with privileges to read out the paging area of the disk is also able to
manipulate the system in all possible ways including substituting the gpg
binary with a manipulated one.
In my view (and many others) there is absolutely no security improvement by
protecting memory pages from writing them to disk. As noted by someone
else you can switch off the warning message with --no-secmem-warning.


cu
Michael
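
The sequence the quoted man page text describes (allocate a region, try to lock it, drop any setuid privilege, warn if the lock failed), as an added C example that is not part of any post in this thread and is not GnuPG's source. The secmem_* names are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static void *pool;        /* page-aligned region reserved for secret material */
static size_t pool_len;
static int pool_locked;   /* 1 if mlock() succeeded */

/* Hypothetical helper. Returns 1 if the pool is locked in RAM, 0 if it is
 * allocated but swappable (the "insecure memory" case), -1 on failure. */
int secmem_init(size_t want)
{
    long pg = sysconf(_SC_PAGESIZE);
    int saved = 0;

    if (pg <= 0 || want == 0) return -1;
    pool_len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    pool = mmap(NULL, pool_len, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (pool == MAP_FAILED) { pool = NULL; return -1; }

    pool_locked = (mlock(pool, pool_len) == 0);
    if (!pool_locked) saved = errno;

    /* If installed setuid, give up the extra privilege right after the
     * lock attempt; treat a failed drop as fatal. */
    if (geteuid() != getuid() && setuid(getuid()) != 0) return -1;

    if (!pool_locked)
        fprintf(stderr, "warning: using insecure memory (mlock: %s)\n",
                strerror(saved));
    return pool_locked;
}

void *secmem_base(void) { return pool; }

/* Overwrite the secrets, then unlock and unmap the region. */
void secmem_term(void)
{
    volatile unsigned char *p = pool;
    if (!pool) return;
    for (size_t i = 0; i < pool_len; i++) p[i] = 0;
    if (pool_locked) munlock(pool, pool_len);
    munmap(pool, pool_len);
    pool = NULL; pool_len = 0; pool_locked = 0;
}
```

Whether the lock succeeds without root depends on the system; Linux, for example, permits it for unprivileged processes up to the RLIMIT_MEMLOCK limit.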
Re: Warning messages.
Ben Woodard <ben@valinux.com> writes:

> to make our memory secure? Can you say to Unix, "send me this signal
> if you need to swap a page?" or "Don't swap this page or else I will

That would allow a nice feature. Just before swapping out a page,
encrypt it with a random session key and decrypt it after it has got
swapped in. However, this will never be possible for an application
program to do. And as Michael says in another mail, I don't feel that we
really need it.

--
Werner Koch at guug.de www.gnupg.org keyid 621CC013