Bug 51913 - /usr/bin/gpg needs setuid root for memory locking
Summary: /usr/bin/gpg needs setuid root for memory locking
Status: CLOSED DUPLICATE of bug 19897
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: gnupg   
(Show other bugs)
Version: 7.1
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Aaron Brown
Keywords: Security
: 56846 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2001-08-16 19:33 UTC by Ed Halley
Modified: 2007-04-18 16:35 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-01-18 18:10:04 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Ed Halley 2001-08-16 19:33:45 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.2-2 i686; en-US; rv:0.9.1)

Description of problem:
Per the last paragraph in 'man gpg', gpg attempts to allocate locked memory
so it can ensure that the memory is not paged to disk.  If gpg cannot
allocate locked memory, it gives warning about using insecure memory.

Package should consider 'chmod +s /usr/bin/gpg' to avoid the insecure
memory security risk.  It is understood that setuid is a different kind of
security risk. :)

I'm not sure which way the packager should balance security... the
integrity of the machine or the integrity of the user's information.  In
this case, I personally would favor the integrity of my encrypted information.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install latest gpg package.  Note or ensure no setuid mode on gpg.
2. Use gpg to verify a signature or to encrypt or decrypt data.
3. Note the warning about insecure memory goes away if gpg is setuid root.

Actual Results:  Without setuid root, gpg complains about having to use
insecure (pageable) memory.

Expected Results:  With setuid root, gpg is able to ensure its allocated
memory will not be paged to disk, and gives no warning.

Additional info:

See 'man gpg', last paragraph.

Comment 1 Nalin Dahyabhai 2002-01-18 18:09:59 UTC
*** Bug 56846 has been marked as a duplicate of this bug. ***

Comment 2 Nalin Dahyabhai 2002-01-18 21:43:47 UTC

*** This bug has been marked as a duplicate of 19897 ***

Note You need to log in before you can comment on or make changes to this bug.