encrypted filesystems

ken_i_m at elegantinnovations.net
Tue Jan 6 19:48:41 PST 2004


On Tue, Jan 06, 2004 at 08:09:25PM +0000, Christopher James Coleman (ug97cjc at cs.bham.ac.uk) wrote:
> > The secmem warning in gpg refers to someone rooting your box and reading
> > the memory pages where the password is stored...
> 
> Sorry, my mistake. Unless there are two warnings, as I am sure there is a
> mention of swap by GPG.

OK, I tried to find a reference as I remember it... but didn't.
I did find what Chris recalls in the GnuPG FAQ:

[quote]
On many systems this program should be installed as setuid(root). This is 
necessary to lock memory pages. Locking memory pages prevents the operating
system from writing them to disk and thereby keeping your secret keys 
really secret. If you get no warning message about insecure memory your 
operating system supports locking without being root. The program drops 
root privileges as soon as locked memory is allocated.
[unquote]
-- 
I think, therefore, ken_i_m
Chief Gadgeteer, Elegant Innovations
Founder, Bozeman Linux Users Group
(406) 581-0495
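
The sequence the quoted FAQ describes (lock the pages that hold secrets, warn if locking fails, then drop root) as an added C example; it is not part of the original message and is not GnuPG's code. The names `secmem`, `secmem_init`, `drop_privs` and `secmem_free` are hypothetical, and the passphrase is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Hypothetical helper type: whole pages reserved for secret material. */
struct secmem { void *p; size_t len; int locked; };

/* Allocate page-aligned memory and try to pin it in RAM (never swapped). */
static int secmem_init(struct secmem *s, size_t want) {
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || want == 0) return -1;
    s->len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    s->p = aligned_alloc((size_t)pg, s->len);
    if (s->p == NULL) return -1;
    /* mlock may fail without privilege or when over RLIMIT_MEMLOCK */
    s->locked = (mlock(s->p, s->len) == 0);
    if (!s->locked)
        fprintf(stderr, "warning: secret buffer is not locked, may reach swap\n");
    return 0;
}

/* Give up setuid-root for good once the pages are locked. */
static int drop_privs(void) {
    if (geteuid() == getuid()) return 0;      /* not running setuid */
    if (setuid(getuid()) != 0) return -1;
    return setuid(0) == 0 ? -1 : 0;           /* regaining root must fail */
}

/* Zero the secret before the pages are unlocked and returned to the heap. */
static void secmem_free(struct secmem *s) {
    volatile unsigned char *v = s->p;
    for (size_t i = 0; i < s->len; i++) v[i] = 0;
    if (s->locked) munlock(s->p, s->len);
    free(s->p);
    s->p = NULL; s->len = 0; s->locked = 0;
}

int main(void) {
    struct secmem s;
    if (secmem_init(&s, 64) != 0) return 1;
    if (drop_privs() != 0) return 1;          /* refuse to continue as root */
    strcpy(s.p, "constructed-passphrase");    /* constructed sample secret */
    printf("locked=%d bytes=%zu\n", s.locked, s.len);
    secmem_free(&s);
    return 0;
}
```

Locked pages are kept out of swap only; the example does not address hibernation images or core dumps, and a setgid program would need the matching group-ID drop as well.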