On Saturday 13 November 2010 14:58:29 Robert Millan wrote: > >>> Upstream recommends [2] setting the SUID bit and assures that "the > >>> program > >>> drops root privileges as soon as locked memory is allocated". > >> > >> However it is much easier and more secure to enable encrypted swap > >> space than to use mlock. It seems that gbde and the init scripts are > >> missing on GNU/kfreebsd. > > > > Robert, as I don't have knowledge of GNU/kFreeBSD, can you say whether > > the suggestion by Werner is indeed a better way to solve this problem? > > I disagree. This puts an additional burden on the user. Adding SUID > bit doesn't seem like a security problem. Gnupg drops privileges as > soon as it's not needed anymore, and upstream recommends this in > their FAQ. > > (Yes I know Werner is upstream, but if it's still in the FAQ I assume he > doesn't consider it a bad option) > > CC'ing debian-bsd OK, I'll be applying your patch then in the next upload of gnupg. Cheers, Thijs
Attachment:
signature.asc
Description: This is a digitally signed message part.