[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gpg: "Warning: using shared memory" - SUID?

on Thu, Nov 30, 2000 at 09:28:59PM +0000, Adam Langley (agl@linuxpower.org) wrote:
> On Thu, Nov 30, 2000 at 12:05:58PM -0800, kmself@ix.netcom.com wrote:
> > Response redirected to list.
> > Follow-up set to list.
> Yea, sorry. I would suggest that the list set Reply-To, but I'd just
> get flamed

Mutt 'L' is your friend <g>.

> > > It depends on how much you trust gnupg. Setting it SUID means that is
> > > can lock pages sure. But it also means that it has to be really secure
> > > - if you are running a single-user box then I shouldn't think you're
> > > too bothered that someone could find an exploit - but by default it
> > > should be secure.
> > 
> > First, this is somewhat nonresponsive to my question:  is there a
> > specific reason why gpg was not SUID?  It's possible that postinstall
> > configs didn't run on it, I've had a couple of apt problems in the past
> > day or so.
> I'm not involved in the package, but on my box it is SUID:
> -rwsr-xr-x    1 root     root       563624 Oct 17 17:35 /usr/bin/gpg
> I have gnupg 1.0.4-1

I'd also confirmed this on another box.  Though I can never remember
what the !@#$%^&*() mode bit is for SUID.  '4577' was what I was looking
for, IIRC.

> > Second, what do you want to trust:  a single SUID program, earmarked as
> > a high-priority security issue, or every application running on the box
> > with access to priviledged memory.
> Applications with access to gnupg's memory are either running as root
> or as the user owner of the gnupg process. You must trust root, and I
> don't think that a bad process running as you would read gnupg's
> memory (strace the shell and hook exec, for example). 

> The issue is the swap; locked pages are never swapped out, so the disk never
> seeks them. If someone could pick over your swap then they could pickout 
> sectors with high-entropy and possibly they would be your privkey.

So:  the locked pages are still accessible to other root processes, but
not to user-land programs, and they're not swapped to disk?

Karsten M. Self <kmself@ix.netcom.com>     http://www.netcom.com/~kmself
 Evangelist, Zelerate, Inc.                      http://www.zelerate.org
  What part of "Gestalt" don't you understand?      There is no K5 cabal
   http://gestalt-system.sourceforge.net/        http://www.kuro5hin.org

Attachment: pgpMueY5Cqkln.pgp
Description: PGP signature

Reply to: