Re: OpenSSH uploaded replacing ssh, please test
On Thu, Nov 04, 1999 at 12:10:49PM -0500, Daniel Burrows wrote:
> On Thu, Nov 04, 1999 at 06:36:53PM +0200, Tommi Virtanen was heard to say:
> > I am no X expert, but I don't think there's more to do
> > than that. Unless you want to lock the pages into memory
> > etc..
> Actually, I was about to ask whether it's possible to do this (lock memory)
> without making it suid ;-)
> This would probably be a Good Idea..although if the standard askpass doesn't
> do it leaving it out for now is probably ok (since you won't be any less secure
> at any rate..)
I believe that would need suid access, which is very
inappropriate for Perl/Tk. Quoting gpg(1):
On many systems this program should be installed as
setuid(root). This is necessary to lock memory pages.
Locking memory pages prevents the operating system from
writing memory pages to disk. If you get no warning mes
sage about insecure memory your operating system supports
locking without being root. The program drops root privi
leges as soon as locked memory is allocated.
Havoc Consulting | unix, linux, perl, mail, www, internet, security consulting
+358 50 5486010 | software development, unix administration, training