Mailing List Archive

Quoting Matt Heineman <mheinema@troopers.state.ny.us>, who wrote:
> Does anyone know why --no-secmem-warning does not suppress the
> insecure memory message on a Compaq True64 Alpha machine?

The options are parsed AFTER the first secure memory is allocated,
which makes it a fairly useless option. I asked for this to be
changed. It seemed to me that there was no particular reason to
allocate the memory so early, and moving the allocation to after
the options parsing would be safe.

I think this option doesn't get any use, because most people just
make gpg setuid root to fix this, but that doesn't work everywhere.

What do you think Werner? Should I resubmit a patch against the
latest, or has it been fixed since 1.0.1?

Sam

--
Sam Roberts (sam@cogent.ca), Cogent Real-Time Systems (www.cogent.ca)

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

Thanks Sam.

Is there more to running GnuPG as setuid root than chown root
/usr/local/bin/gpg;chmod 4755 /usr/local/bin/gpg?

Incidentally, the make check fails 2 out of 24 tests (the ones using
pipes) because of the inclusion of a secmem warning in the output file
being compared to the original. I felt this was more of an error with
make check than with the compile so I went ahead with the
installation.

>>> Sam Roberts <sam@cogent.ca> 09/11 1:33 PM >>>
Quoting Matt Heineman <mheinema@troopers.state.ny.us>, who wrote:
> Does anyone know why --no-secmem-warning does not suppress the
> insecure memory message on a Compaq True64 Alpha machine?

The options are parsed AFTER the first secure memory is allocated,
which makes it a fairly useless option. I asked for this to be
changed. It seemed to me that there was no particular reason to
allocate the memory so early, and moving the allocation to after
the options parsing would be safe.

I think this option doesn't get any use, because most people just
make gpg setuid root to fix this, but that doesn't work everywhere.

What do you think Werner? Should I resubmit a patch against the
latest, or has it been fixed since 1.0.1?

Sam

--
Sam Roberts (sam@cogent.ca), Cogent Real-Time Systems
(www.cogent.ca)

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

Sam Roberts wrote:
>
> I think this option doesn't get any use, because most people just
> make gpg setuid root to fix this, but that doesn't work everywhere.

Well, it doesn't work in Windoze either, and it's kind of hard to run GnuPG
SUID root in Windoze...

So it might help if the --no-secmem-warning option did what one would expect it
to do ;-)

Michel Bouissou <michel@bouissou.net> PGP DH/DSS ID 0x5C2BEE8F



--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

On Mon, 11 Sep 2000, Matt Heineman wrote:

> Does anyone know why --no-secmem-warning does not suppress the
> insecure memory message on a Compaq True64 Alpha machine?

This is (This will be fixed in the gpg 1.1 series).

Werner


--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org