[Pkg-gnupg-maint] Bug#598471: using insecure memory on GNU/kFreeBSD

Robert Millan rmh at debian.org
Wed Sep 29 09:41:08 UTC 2010


Package: gnupg
Version: 1.4.10-4
Severity: normal
Tags: patch
User: debian-bsd at lists.debian.org
Usertags: kfreebsd

gnupg is using insecure memory on GNU/kFreeBSD (unless run as root) because
the mlock() kernel call is reserved to the super-user [1]:

  gpg: WARNING: using insecure memory!
  gpg: please see http://www.gnupg.org/faq.html for more information

Upstream recommends [2] setting the SUID bit and assures that "the program
drops root privileges as soon as locked memory is allocated".

Patch attached.

Note for those coming from Google: aside from this problem, you may also
get this error on GNU/kFreeBSD due to a hard kernel limit on locked pages.
Try increasing the vm.max_wired sysctl to be somewhat larger than
vm.stats.vm.v_wire_count.

[1] http://www.freebsd.org/cgi/man.cgi?query=mlock&apropos=0&sektion=0&manpath=FreeBSD+8.1-RELEASE&format=html

[2] http://www.gnupg.org/faq.html#q6.1

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 8.1-1-amd64
Locale: LANG=ca_AD.UTF-8, LC_CTYPE=ca_AD.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gnupg depends on:
ii  dpkg                    1.15.8.4         Debian package management system
ii  gpgv                    1.4.10-4         GNU privacy guard - signature veri
ii  install-info            4.13a.dfsg.1-5   Manage installed documentation in 
ii  libbz2-1.0              1.0.5-6          high-quality block-sorting file co
ii  libc0.1                 2.11.2-6         Embedded GNU C Library: Shared lib
ii  libreadline6            6.1-3            GNU readline and history libraries
ii  libusb-0.1-4            2:0.1.12-16      userspace USB programming library
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages gnupg recommends:
pn  gnupg-curl                    <none>     (no description available)
ii  libldap-2.4-2                 2.4.23-6   OpenLDAP libraries

Versions of packages gnupg suggests:
ii  eog                           2.30.2-1   Eye of GNOME graphics viewer progr
pn  gnupg-doc                     <none>     (no description available)
pn  libpcsclite1                  <none>     (no description available)

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gpg_suid.diff
Type: text/x-diff
Size: 1006 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20100929/fd2d63e9/attachment.diff>

