[Pkg-gnupg-maint] Bug#598471: Bug#598471: using insecure memory on GNU/kFreeBSD
Robert Millan
rmh at debian.org
Sat Nov 13 13:58:29 UTC 2010
2010/11/13 Thijs Kinkhorst <thijs at debian.org>:
>>> Upstream recommends [2] setting the SUID bit and assures that "the
>>> program
>>> drops root privileges as soon as locked memory is allocated".
>>
>> However it is much easier and more secure to enable encrypted swap
>> space than to use mlock. It seems that gbde and the init scripts are
>> missing on GNU/kfreebsd.
>
> Robert, as I don't have knowledge of GNU/kFreeBSD, can you say whether the
> suggestion by Werner is indeed a better way to solve this problem?
I disagree. This puts an additional burden on the user. Adding SUID
bit doesn't seem like a security problem. Gnupg drops privileges as
soon as it's not needed anymore, and upstream recommends this in
their FAQ.
(Yes I know Werner is upstream, but if it's still in the FAQ I assume he
doesn't consider it a bad option)
CC'ing debian-bsd
--
Robert Millan
More information about the Pkg-gnupg-maint
mailing list