
Re: GPG memory is not secure.



On Tue, 19 Aug 2014 21:49, pentakonix@openmailbox.org said:

> In the installation I have this message and fail:
>
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information

Well, read the FAQ - although I am not sure that our new FAQ still has
an answer.  If not, please complain and it will be re-added.

The reason for that warning is that the mlock() call failed to mark a
couple of memory pages as non-swappable.

On older Linux kernels you had to install gpg suid(root) to allow
mlock() to work (gpg will drop the permissions right after allocating
and locking the memory).  Recent Linux kernels grant each process a
certain amount of mlock()-able memory without root permissions.  I am
not sure about the current status on BSD kernels and frankly I tend to
ignore the warning or use no-secmem-warning in my gpg.conf.  Encrypted
swap is anyway a better protection.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
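
The behaviour described in the message above, as an added example that is not part of the original post or of GnuPG's code: a buffer is mapped, mlock() is attempted without root, and a failure falls back to unlocked memory with the warning. The names secmem, secmem_alloc and secmem_free are hypothetical, and the 32768-byte request is an arbitrary size chosen for the demonstration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE  /* exposes MAP_ANONYMOUS under strict -std= modes */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

struct secmem { void *ptr; size_t len; int locked; };  /* hypothetical helper type */

/* Map len bytes (rounded up to whole pages) and try to pin them in RAM.
 * Returns 0 if locked, else errno; if only mlock() failed, ptr is usable but swappable. */
int secmem_alloc(struct secmem *m, size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    m->len = (len + page - 1) / page * page;
    m->locked = 0;
    m->ptr = mmap(NULL, m->len, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m->ptr == MAP_FAILED) { m->ptr = NULL; return errno; }
    if (mlock(m->ptr, m->len) != 0) return errno;  /* e.g. ENOMEM: over RLIMIT_MEMLOCK */
    m->locked = 1;
    return 0;
}

/* Wipe the buffer (volatile keeps the stores from being optimised out), then release it. */
void secmem_free(struct secmem *m)
{
    if (!m->ptr) return;
    volatile unsigned char *p = m->ptr;
    for (size_t i = 0; i < m->len; i++) p[i] = 0;
    if (m->locked) munlock(m->ptr, m->len);
    munmap(m->ptr, m->len);
    m->ptr = NULL; m->len = 0; m->locked = 0;
}

int main(void)
{
    struct rlimit rl; struct secmem m;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) == 0)  /* per-process quota for unprivileged mlock() */
        printf("RLIMIT_MEMLOCK soft limit: %llu bytes\n", (unsigned long long)rl.rlim_cur);
    int rc = secmem_alloc(&m, 32768);
    if (rc == 0) puts("secure memory locked");
    else if (m.ptr) printf("WARNING: using insecure memory (mlock: %s)\n", strerror(rc));
    else printf("allocation failed: %s\n", strerror(rc));
    secmem_free(&m);
    return 0;
}
```

Running it under `ulimit -l 0` in the same shell shows the unlocked fallback path on a Linux system.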

