[Pkg-gnupg-maint] Bug#598471: Bug#598471: using insecure memory on GNU/kFreeBSD

Thijs Kinkhorst thijs at debian.org
Sat Nov 13 16:19:15 UTC 2010


On Saturday 13 November 2010 14:58:29 Robert Millan wrote:
> >>> Upstream recommends [2] setting the SUID bit and assures that "the
> >>> program drops root privileges as soon as locked memory is allocated".
> >> 
> >> However it is much easier and more secure to enable encrypted swap
> >> space than to use mlock.  It seems that gbde and the init scripts are
> >> missing on GNU/kFreeBSD.
> > 
> > Robert, as I don't have knowledge of GNU/kFreeBSD, can you say whether
> > the suggestion by Werner is indeed a better way to solve this problem?
> 
> I disagree.  This puts an additional burden on the user.  Adding SUID
> bit doesn't seem like a security problem.  GnuPG drops privileges as
> soon as it's not needed anymore, and upstream recommends this in
> their FAQ.
> 
> (Yes I know Werner is upstream, but if it's still in the FAQ I assume he
> doesn't consider it a bad option)
> 
> CC'ing debian-bsd

OK, I'll be applying your patch then in the next upload of gnupg.


Cheers,
Thijs
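
The pattern the quoted FAQ text describes (lock memory while set-uid root, then drop root at once), as an added example that is not part of this message and is not GnuPG's own code. The names `secure_pool_init`, `drop_suid_privileges` and `secure_pool_destroy`, and the 16 KiB pool size, are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1  /* exposes MAP_ANONYMOUS under strict -std= modes */
#endif
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
enum pool_state { POOL_LOCKED, POOL_INSECURE };  /* illustrative names, not GnuPG's */
struct secure_pool { void *base; size_t len; enum pool_state state; };

/* Permanently give up set-uid root. Returns 0 on success, -1 on failure. */
static int drop_suid_privileges(void)
{
    uid_t ruid = getuid();
    if (geteuid() == ruid) return 0;            /* not set-uid: nothing to drop */
    if (setuid(ruid) != 0) return -1;           /* as root: real, effective, saved */
    if (ruid != 0 && setuid(0) == 0) return -1; /* root must not be recoverable */
    return geteuid() == ruid ? 0 : -1;
}

/* Lock while root may be held, then drop root at once. 0 on success, -1 on error. */
int secure_pool_init(struct secure_pool *p, size_t len)
{
    void *m = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    int locked = (m != MAP_FAILED) && mlock(m, len) == 0;
    int dropped = drop_suid_privileges() == 0;
    p->base = NULL; p->len = 0; p->state = POOL_INSECURE;
    if (m == MAP_FAILED) return -1;
    if (!dropped) { munmap(m, len); return -1; }  /* never continue as root */
    p->base = m; p->len = len; p->state = locked ? POOL_LOCKED : POOL_INSECURE;
    if (!locked)  /* no privilege or RLIMIT_MEMLOCK headroom: pages can hit swap */
        fprintf(stderr, "warning: using insecure memory\n");
    return 0;
}

/* Wipe secrets before the pages go back to the kernel. */
void secure_pool_destroy(struct secure_pool *p)
{
    volatile unsigned char *b = p->base;
    for (size_t i = 0; b && i < p->len; i++) b[i] = 0;
    if (p->base) munmap(p->base, p->len);
    p->base = NULL;
}

int main(void)
{
    struct secure_pool pool;
    if (secure_pool_init(&pool, 16384) != 0) return 1;  /* constructed size */
    secure_pool_destroy(&pool);
    return 0;
}
```

Without the SUID bit or another way to satisfy `mlock`, the pool ends up in the `POOL_INSECURE` state, which is the condition the bug title refers to.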