Date: Wed, 16 Apr 2003 17:10:13 -0700 (PDT)
From: Jason Stone <freebsd-performance@dfmm.org>
To: =?unknown-8bit?Q?S=EAr=EAciya_Kurdistan=EE?= <sereciya@kurdistan.ath.cx>
Cc: freebsd-performance@freebsd.org
Subject: Re: FreeBSD Memory Pages Not Locked?
Message-ID: <20030416165844.A4074-100000@walter>
In-Reply-To: <20030416222057.GC57404@kurdistan.ath.cx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I recently installed "gnupg" from the ports collection and
> upon running it (after the key generation), I found myself
> seeing the following error:
>
> gpg: Warning: using insecure memory!

1) This is a question for freebsd-security, not freebsd-performance

2) Yes, freebsd does support locking pages in memory with mlock, but only
root can call mlock.  If you make gpg setuid root (chmod 4111 `which gpg`)
then it will be able to mlock and the warning will go away.

However, you must decide if that is a good security practice, because now
bugs in gpg can be used to gain root on that machine, and if an attacker
gains root, he can just sniff your tty and get your passphrase next time
you enter it.

Additionally, other programs on the machine do not mlock sensitive data
into core (think login, sshd, ssh-agent, etc), so you're already
vulnerable to having sensitive data retrieved from swap.

If having sensitive data retrieved from swap is really a concern for you,
run freebsd-5 and use gbde to encrypt your whole swap partition.

3) Or, just add "no-secmem-warning" to your ~/.gnupg/options to silence
the warning.  It's really unlikely that an attack on unencrypted data in
swap will ever affect you.

 -Jason

 --------------------------------------------------------------------------
 Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
 that he was insufficiently fondled when he was an infant.
	-- Ashley Montagu

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE+nfDlswXMWWtptckRAupFAKDtyHf26X3TsAJ6qh67rQHPqXIT6gCguXmA
A5immbQ9tsm+aN40DXbCxek=
=hllG
-----END PGP SIGNATURE-----