Re: gpg: "Warning: using shared memory" - SUID?

To: debian-user <debian-user@lists.debian.org>
Subject: Re: gpg: "Warning: using shared memory" - SUID?
From: kmself@ix.netcom.com
Date: Thu, 30 Nov 2000 12:32:33 -0800
Message-id: <[🔎] 20001130123233.E24401@ix.netcom.com>
In-reply-to: <[🔎] 20001130212859.B3737@linuxpower.org>; from agl@linuxpower.org on Thu, Nov 30, 2000 at 09:28:59PM +0000
References: <[🔎] 20001130035023.F7159@ix.netcom.com> <20001130192549.A2405@linuxpower.org> <[🔎] 20001130120558.A24401@ix.netcom.com> <[🔎] 20001130212859.B3737@linuxpower.org>

on Thu, Nov 30, 2000 at 09:28:59PM +0000, Adam Langley (agl@linuxpower.org) wrote:
> On Thu, Nov 30, 2000 at 12:05:58PM -0800, kmself@ix.netcom.com wrote:
> > Response redirected to list.
> > Follow-up set to list.
> 
> Yea, sorry. I would suggest that the list set Reply-To, but I'd just
> get flamed

Mutt 'L' is your friend <g>.

> > > It depends on how much you trust gnupg. Setting it SUID means that is
> > > can lock pages sure. But it also means that it has to be really secure
> > > - if you are running a single-user box then I shouldn't think you're
> > > too bothered that someone could find an exploit - but by default it
> > > should be secure.
> > 
> > First, this is somewhat nonresponsive to my question:  is there a
> > specific reason why gpg was not SUID?  It's possible that postinstall
> > configs didn't run on it, I've had a couple of apt problems in the past
> > day or so.
> 
> I'm not involved in the package, but on my box it is SUID:
> -rwsr-xr-x    1 root     root       563624 Oct 17 17:35 /usr/bin/gpg
> 
> I have gnupg 1.0.4-1

I'd also confirmed this on another box.  Though I can never remember
what the !@#$%^&*() mode bit is for SUID.  '4577' was what I was looking
for, IIRC.

> > Second, what do you want to trust:  a single SUID program, earmarked as
> > a high-priority security issue, or every application running on the box
> > with access to priviledged memory.
> 
> Applications with access to gnupg's memory are either running as root
> or as the user owner of the gnupg process. You must trust root, and I
> don't think that a bad process running as you would read gnupg's
> memory (strace the shell and hook exec, for example). 

> The issue is the swap; locked pages are never swapped out, so the disk never
> seeks them. If someone could pick over your swap then they could pickout 
> sectors with high-entropy and possibly they would be your privkey.

So:  the locked pages are still accessible to other root processes, but
not to user-land programs, and they're not swapped to disk?

-- 
Karsten M. Self <kmself@ix.netcom.com>     http://www.netcom.com/~kmself
 Evangelist, Zelerate, Inc.                      http://www.zelerate.org
  What part of "Gestalt" don't you understand?      There is no K5 cabal
   http://gestalt-system.sourceforge.net/        http://www.kuro5hin.org

Attachment: pgpMueY5Cqkln.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: gpg: "Warning: using shared memory" - SUID?
  - From: Chris Gray <cgray@nowonder.com>

References:
- gpg: "Warning: using shared memory" - SUID?
  - From: kmself@ix.netcom.com
- Re: gpg: "Warning: using shared memory" - SUID?
  - From: kmself@ix.netcom.com
- Re: gpg: "Warning: using shared memory" - SUID?
  - From: Adam Langley <agl@linuxpower.org>

Prev by Date: Re: Who is 'nobody'?
Next by Date: Re: installation problem
Previous by thread: Re: gpg: "Warning: using shared memory" - SUID?
Next by thread: Re: gpg: "Warning: using shared memory" - SUID?
Index(es):
- Date
- Thread