[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gpg: "Warning: using shared memory" - SUID?

>>>>> "kmself" == kmself  <kmself@ix.netcom.com> writes:

    kmself> I'd also confirmed this on another box.  Though I can
    kmself> never remember what the !@#$%^&*() mode bit is for SUID.
    kmself> '4577' was what I was looking for, IIRC.

4755.  Though you should probably use suidregister (see
/var/lib/dpkg/info/gnupg.postinst for how to do it).

    >> Applications with access to gnupg's memory are either running
    >> as root or as the user owner of the gnupg process. You must
    >> trust root, and I don't think that a bad process running as you
    >> would read gnupg's memory (strace the shell and hook exec, for
    >> example).

    >> The issue is the swap; locked pages are never swapped out, so
    >> the disk never seeks them. If someone could pick over your swap
    >> then they could pickout sectors with high-entropy and possibly
    >> they would be your privkey.

    kmself> So: the locked pages are still accessible to other root
    kmself> processes, but not to user-land programs, and they're not
    kmself> swapped to disk?

The other root programs shouldn't be looking at memory other than
their own, or else they'd segfault.  The major thing with
memory-locking is that the memory never gets written to disk.


Every child in America MUST get one of these things for Christmas or
Chanukah or Kwanzaa or Atheist Children Get Presents Day.
	-- Dave Barry

Reply to: