Red Hat Bugzilla – Bug 32618
/usr/bin/gpg requires SETUID root to use secure memory
Last modified: 2007-04-18 12:32:18 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.2 i686; en-US; 0.8) Gecko/20010215
The RPM installs /usr/bin/gpg without the SETUID bit set. This prevents
gpg from using secure memory--it cannot prevent its memory spaces from
being written to the (insecure) virtual memory spaces. GPG has code to
lose the root permissions after allocating memory, so it seems that the
security implications of having SETUID are less than writing unencrypted
keys to disk (!!!). With capabilities perhaps we could avoid this, but...
Steps to Reproduce:
1. chmod `which gpg` -s
2. gpg (as non-root)
Actual Results: "gpg: Warning: using insecure memory!"
"gpg: Go ahead and type your message..."
Expected Results: "gpg: Go ahead and type your message..."
Additional Information: "rpm -q gnupg: gnupg-1.0.4-9"
Fix: "chmod +s `which gpg`"
Hm, I tend to agree, IF the codepath up to dropping root privs is sufficiently
Use the --no-secmem-warning option to disable this message. Given the choice
between a hypothetical code vulnerability and the possibility of a malicious
party reading sensitive data from your swap partition, we choose to ship without
the setuid bit set.
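
The trade-off debated in this report, as an added example that is not taken from the report or from GnuPG's source: lock a secret pool into RAM with mlock(2) while the process may still be privileged, then give up the setuid-root identity permanently before handling any input. The names `secmem_init`, `secmem_term`, `pool` and the pool sizes are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS under strict -std= modes */
#endif
#include <stdio.h>
#include <unistd.h>
#include <sys/mman.h>

static void  *pool;                /* hypothetical page-aligned pool for key material */
static size_t pool_len;

/* Returns 1 if the pool is locked in RAM, 0 if it may be swapped out
 * (the "insecure memory" case), -1 on allocation or privilege-drop failure. */
int secmem_init(size_t want)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || want == 0) return -1;
    pool_len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    pool = mmap(NULL, pool_len, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (pool == MAP_FAILED) { pool = NULL; return -1; }

    /* Privileged step: needs root/CAP_IPC_LOCK or RLIMIT_MEMLOCK headroom. */
    int locked = (mlock(pool, pool_len) == 0);

    /* Drop setuid root for good, whether or not the lock succeeded. */
    uid_t ruid = getuid(), euid = geteuid();
    if (setuid(ruid) != 0) return -1;
    /* Started setuid root for an ordinary user: regaining root must now fail. */
    if (euid == 0 && ruid != 0 && setuid(0) == 0) return -1;
    return locked;
}

/* Wipe and release the pool; volatile keeps the compiler from eliding the wipe. */
void secmem_term(void)
{
    if (!pool) return;
    volatile unsigned char *p = pool;
    for (size_t i = 0; i < pool_len; i++) p[i] = 0;
    munmap(pool, pool_len);
    pool = NULL;
}

int main(void)
{
    int r = secmem_init(16384);
    if (r < 0) { fputs("secmem: init failed\n", stderr); return 1; }
    if (r == 0) fputs("Warning: using insecure memory!\n", stderr);
    secmem_term();
    return 0;
}
```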