From: David Shaw
To: "Atom 'Smasher'"
Cc: gnupg-devel@gnupg.org, freebsd-bugs@freebsd.org
Date: Tue, 14 Dec 2004 23:05:34 -0500
Subject: Re: GnuPG + FreeBSD 5.3 = intermitent memory warning

On Sun, Dec 12, 2004 at 08:24:17PM -0500, Atom 'Smasher' wrote:
> ** cross posted **
>
> for those not familiar with GnuPG, read here for relevant background info:
> http://www.gnupg.org/documentation/faqs.html#q6.1
>
> if the binary is suid-root, it should not generate warnings about insecure
> memory. my binary *is* suid-root, and whether it's run as a privileged or
> unprivileged user i get intermittent warnings about insecure memory.

It took me a while to track this down, and thanks to Atom for helping
me run some FreeBSD tests.

It turns out that this isn't a GnuPG-specific problem. The same
problem can be duplicated by running any program that calls mlock() on
FreeBSD. FreeBSD has a "1/3 of memory" hard limit for mlock(). What
seems to have happened is that for whatever reason, Atom's system was
very close to the 1/3 magic number, and so when GnuPG tried to get its
lock, it was sometimes refused. This also explains why a busy system
seemed to aggravate the problem.

In terms of what to do about this in GnuPG, I'm not sure if there
should be anything done. I think the current GnuPG behavior is
pretty good: try to get locked memory, and if it can't, warn the user.

David
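The pattern described in the message above (try to lock the secret memory, warn if mlock() is refused, keep running), as an added C example that is not GnuPG's code and not part of the original message. `struct secpool`, `secpool_init`, `secpool_destroy` and the 32768-byte pool size are hypothetical names and values chosen for this example.

```c
#define _DEFAULT_SOURCE /* glibc: expose MAP_ANON under strict -std modes */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

struct secpool {       /* hypothetical type for this example, not GnuPG's */
    void  *base;       /* page-aligned mapping, NULL when unset */
    size_t len;        /* size rounded up to whole pages */
    int    locked;     /* 1 if mlock() succeeded, 0 if pages may be swapped */
    int    lock_errno; /* errno from the refused mlock(), else 0 */
};

/* Map a pool and try to lock it. A refused lock is a warning, not an error. */
int secpool_init(struct secpool *p, size_t want)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    memset(p, 0, sizeof *p);
    p->len = (want + page - 1) / page * page;
    p->base = mmap(NULL, p->len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p->base == MAP_FAILED) { p->base = NULL; return -1; }
    p->locked = (mlock(p->base, p->len) == 0);
    if (!p->locked) {
        p->lock_errno = errno; /* save before stdio can change it */
        fprintf(stderr, "warning: cannot lock %zu bytes (%s); "
                "secrets may reach swap\n", p->len, strerror(p->lock_errno));
    }
    return 0;
}

/* Wipe, unlock and unmap; the volatile pointer keeps the wipe from being elided. */
void secpool_destroy(struct secpool *p)
{
    volatile unsigned char *v = p->base;
    if (!p->base) return;
    for (size_t i = 0; i < p->len; i++) v[i] = 0;
    if (p->locked) munlock(p->base, p->len);
    munmap(p->base, p->len);
    memset(p, 0, sizeof *p);
}

int main(void)
{
    struct secpool p;
    if (secpool_init(&p, 32768) != 0) return 1; /* constructed pool size */
    printf("pool of %zu bytes, locked=%d\n", p.len, p.locked);
    secpool_destroy(&p);
    return 0;
}
```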