Red Hat Bugzilla – Bug 32618
/usr/bin/gpg requires SETUID root to use secure memory
Last modified: 2007-04-18 12:32:18 EDT
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.2 i686; en-US; 0.8) Gecko/20010215 The RPM installs /usr/bin/gpg without the SETUID bit set. This prevents gpg from using secure memory--it cannot prevent its memory spaces from being written to the (insecure) virtual memory spaces. GPG has code to lose the root permissions after allocating memory, so it seems that the security implications of having SETUID are less than writing unencrypted keys to disk (!!!). With capabilities perhaps we could avoid this, but... Reproducible: Always Steps to Reproduce: 1. chmod `which gpg` -s 2. gpg (as non-root) Actual Results: "gpg: Warning: using insecure memory!" "gpg: Go ahead and type your message..." Expected Results: "gpg: Go ahead and type your message..." Additional Information: "rpm -q gnupg: gnupg-1.0.4-9" Fix: "chmod `which gpg` +s"
Hm, I tend to agree, IF the codepath up to dropping root privs is sufficiently convincing.
Use the --no-secmem-warning option to disable this message. Given the choice between a hypothetical code vulnerability and the possibility of a malicious party reading sensitive data from your swap partition, we choose to ship without the setuid bit set.