Bug 11806

Summary: insecure memory, unsupported public key algorithms.
Product: [Retired] Red Hat Raw Hide
Reporter: Pekka Savola <pekkas>
Component: gnupg
Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: 1.0
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2000-05-31 19:47:42 UTC

Description Pekka Savola 2000-05-31 19:47:41 UTC
gpg blurts out a message warning about using insecure memory:
---
gpg: Warning: using insecure memory!
---
(I'm assuming this always happens.. I upgraded with .src.rpm's from RH51 
though)

Can this be fixed?


------

Also, when reading mails using rawhide pine that has gpg filters built in, 
there will be annoyingly long freezes when gpg checks for keys.  This 
happens with every message on bugtraq daily.

This might be somehow related to the following kind of messages:
---
gpg: key 3D25D3D9: unsupported public key algorithm
gpg: key 3D25D3D9: no valid user IDs
---
[pub  2048/3D25D3D9 1999/03/06 SuSE Security Team <security> -- PGP 
2.6.3i ]

Very many organizations seem to sign their messages with PGP 2.6.3i
and fetching the signatures off a keyserver (using keyserver 
wwwkeys.de.pgp.net) always fails.

Comment 1 Nalin Dahyabhai 2000-05-31 20:21:48 UTC
The first problem has to do with the fact that when GPG is running, it can be
swapped out to disk by the kernel, which isn't cleared automatically when
it gets swapped in, so sensitive information might be there.  To counter this,
GPG would have to be executing as root to lock its pages in RAM (i.e., running
GPG setuid-root, which it supports), which might lead to other problems.  For
now, we won't be doing that.

As for the keys, if they're RSA keys, there's nothing we can do about that while
the RSA algorithms are patented in the U.S.

Comment 2 Nalin Dahyabhai 2000-10-27 17:00:11 UTC
*** Bug 19897 has been marked as a duplicate of this bug. ***