Re: GPG memory is not secure.
At Tue, 19 Aug 2014 23:41:22 +0200,
Werner Koch wrote:
> On older Linux kernels you had to install gpg suid(root) to allow
> mlock() to work (gpg will drop the permissions right after allocating
> and locking the memory). Recent Linux kernels grant each process a
> certain amount of mlock()-able memory without root permissions. I am
> not sure about the current status on BSD kernels and frankly I tend to
> ignore the warning or use no-secmem-warning in my gpg.conf. Encrypted
> swap is anyway a better protection.
According to FreeBSD manpages, FreeBSD 10 can use mlock/munlock by
unpriviredged users by default (security.bsd.unprivileged_mlock=1).
But current stable kFreeBSD kernel is version 9 and they not have such
function.
--
% sudo sysctl security.bsd.unprivileged_mlock
security.bsd.unprivileged_mlock: 1
% gpg -v
gpg: Go ahead and type your message ...
^C
gpg: signal Interrupt caught ... exiting
% sudo sysctl security.bsd.unprivileged_mlock=0
security.bsd.unprivileged_mlock: 1 -> 0
% gpg -v
Warning: using insecure memory!
gpg: Go ahead and type your message ...
^C
gpg: signal Interrupt caught ... exiting
Reply to: