[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenSSH uploaded replacing ssh, please test

On Thu, Nov 04, 1999 at 12:10:49PM -0500, Daniel Burrows wrote:
> On Thu, Nov 04, 1999 at 06:36:53PM +0200, Tommi Virtanen was heard to say:
> >         I am no X expert, but I don't think there's more to do
> >         than that. Unless you want to lock the pages into memory
> >         etc..
>   Actually, I was about to ask whether it's possible to do this (lock memory)
> without making it suid ;-)
>   This would probably be a Good Idea..although if the standard askpass doesn't
> do it leaving it out for now is probably ok (since you won't be any less secure
> at any rate..)

	I believe that would need suid access, which is very
        inappropriate for Perl/Tk. Quoting gpg(1):

       On many  systems  this  program  should  be  installed  as
       setuid(root).  This  is  necessary  to  lock memory pages.
       Locking memory pages prevents the  operating  system  from
       writing  memory  pages to disk. If you get no warning mes­
       sage about insecure memory your operating system  supports
       locking  without being root. The program drops root privi­
       leges as soon as locked memory is allocated.

Havoc Consulting | unix, linux, perl, mail, www, internet, security consulting
+358 50 5486010  | software development, unix administration, training

Reply to: