Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. users
using insecure memory
Robert.Marano at riversoft
Aug 25, 2000, 1:39 AM
Post #1 of 4 (475 views)
Permalink
Hey all,

Quick one ...

When I use GPG, I constantly get the message "gpg: using insure memory." What does this mean and
how do I make my memory secure?

Please CC me on the response to robm@riversoft.com

tia,
~robert

--
------------------------------------------------------------------------
| Robert.Marano@RiverSoft.com RiverSoft Research & Development |
| (NYC) +1-646-557-7000 Mobile: (US) +1-917-721-7587 |
| (London) +44-20-8392-5789 (UK) +44-7714-229904 |
| (Unified) +1-212-658-9521 "Nova ex veteris." |
========================================================================
EMAIL DISCLAIMER: The information in this email is confidential and may
be legally privileged. It is intended solely for the addressee. Access
to this email by anyone else is unauthorized. If you are not the intended
recipient, any disclosure, copying, distribution or any action taken or
omitted to be taken in reliance on it, is prohibited and may be unlawful.
Re: using insecure memory [ In reply to ]
jcplace at attglobal
Aug 25, 2000, 5:33 AM
Post #2 of 4 (473 views)
Permalink
On Fri, Aug 25, 2000 at 09:39:27AM +0100, Robert Marano wrote:
> When I use GPG, I constantly get the message "gpg: using insure memory." What does this mean and
> how do I make my memory secure?
>
One of two ways:

- Set the SUID bin on the gpg exec (chmod u+s gpg)

- Put the "--no-secmem-warning" in your config file

John

John C. Place
jcplace@attglobal.net
http://profile.guru.com/placej
http://placej.interactivecore.com/public_key.txt

Reboot America.

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org
Re: using insecure memory [ In reply to ]
mikal at stillhq
Aug 25, 2000, 5:10 PM
Post #3 of 4 (475 views)
Permalink
I presume this would make it suid root, because when I run gpg as root I never see this insecure
memory message. Is the message just because root can look at other user's memory spaces? Or is there
another reason as well?

Thanks,
Michael

"John C. Place" wrote:

> On Fri, Aug 25, 2000 at 09:39:27AM +0100, Robert Marano wrote:
> > When I use GPG, I constantly get the message "gpg: using insure memory." What does this mean and
> > how do I make my memory secure?
> >
> One of two ways:
>
> - Set the SUID bin on the gpg exec (chmod u+s gpg)
>
> - Put the "--no-secmem-warning" in your config file
>
> John
>
> John C. Place
> jcplace@attglobal.net
> http://profile.guru.com/placej
> http://placej.interactivecore.com/public_key.txt
>
> Reboot America.
>
> --
> Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
> with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org
Re: using insecure memory [ In reply to ]
jcplace at attglobal
Aug 25, 2000, 7:20 PM
Post #4 of 4 (475 views)
Permalink
On Sat, Aug 26, 2000 at 10:10:16AM +1000, Michael Still wrote:
> I presume this would make it suid root, because when I run gpg as root I never see this insecure
> memory message. Is the message just because root can look at other user's memory spaces? Or is there
> another reason as well?
>
GnuPG locks memory so it is not swapped to disk. In theory a person
could use swapped info to compromise a key. Some platforms (FreeBSD for
one) require root access to lock pages.

At least that is my understanding.

John

John C. Place
jcplace@attglobal.net
http://profile.guru.com/placej
http://placej.interactivecore.com/public_key.txt

Reboot America.

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal