[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gpg: "Warning: using shared memory" - SUID?

on Thu, Nov 30, 2000 at 04:36:18PM -0500, Chris Gray (cgray@nowonder.com) wrote:
> >>>>> "kmself" == kmself  <kmself@ix.netcom.com> writes:
>     kmself> I'd also confirmed this on another box.  Though I can
>     kmself> never remember what the !@#$%^&*() mode bit is for SUID.
>     kmself> '4577' was what I was looking for, IIRC.
> 4755.  Though you should probably use suidregister (see
> /var/lib/dpkg/info/gnupg.postinst for how to do it).
>     >> Applications with access to gnupg's memory are either running
>     >> as root or as the user owner of the gnupg process. You must
>     >> trust root, and I don't think that a bad process running as you
>     >> would read gnupg's memory (strace the shell and hook exec, for
>     >> example).
>     >> The issue is the swap; locked pages are never swapped out, so
>     >> the disk never seeks them. If someone could pick over your swap
>     >> then they could pickout sectors with high-entropy and possibly
>     >> they would be your privkey.
>     kmself> So: the locked pages are still accessible to other root
>     kmself> processes, but not to user-land programs, and they're not
>     kmself> swapped to disk?
> The other root programs shouldn't be looking at memory other than
> their own, or else they'd segfault.  The major thing with
> memory-locking is that the memory never gets written to disk.

What about /proc/kcore or /dev/mem?

Karsten M. Self <kmself@ix.netcom.com>     http://www.netcom.com/~kmself
 Evangelist, Zelerate, Inc.                      http://www.zelerate.org
  What part of "Gestalt" don't you understand?      There is no K5 cabal
   http://gestalt-system.sourceforge.net/        http://www.kuro5hin.org

Attachment: pgpBm0rTOCDk4.pgp
Description: PGP signature

Reply to: