FreeBSD Memory Pages Not Locked?

David Taylor davidt at yadt.co.uk
Wed Apr 16 16:37:26 PDT 2003


[moved to -questions, and unsnipped for that reason]
[note, I'm not ON -questions, so please CC me in any replies]

On Wed, 16 Apr 2003, Sêrêciya Kurdistanî wrote:
> Hello,
> 
>   I recently installed "gnupg" from the ports collection and
>   upon running it (after the key generation), I found myself
>   seeing the following error:
> 
>   gpg: Warning: using insecure memory!
> 
>   ... Those of you who are impatient and think that this is a
>    gpg &| port specific problem, please be patient and read on ...
> 
>   from: http://www.gnupg.org/documentation/faqs.html#q6.1
>   Here's what the GPG FAQ says: 
> 
>  "6.1) Why do I get "gpg: Warning: using insecure memory!"
> 
>   On many systems this program should be installed as setuid(root).
>   This is necessary to lock memory pages. Locking memory pages
>   prevents the operating system from writing them to disk and
>   thereby keeping your secret keys really secret. If you get no
>   warning message about insecure memory your operating system
>   supports locking without being root. The program drops root
>   privileges as soon as locked memory is allocated."
> 
> 
>   So my question is:  does FreeBSD really not have support for
>                       locking memory pages?

Not by non-root users.
 
>                       if this is true, then what is the reason
>                       that this has not yet been implemented,
>                       is this not an important security feature?

(I assume) because if any user could lock pages in memory, so that it
could not be swapped, they could cause the system to run low on physical
memory, resulting in a DoS (Denial of service) attack.
 
>                       otherwise... if FreeBSD does in fact have
>                       support for locking memory pages, then
>                       why am I getting this error message?

Because you haven't made gpg setuid root (chmod u+s /usr/local/bin/gpg
should achieve that -- but there are security considerations).  You should
either: accept that your passphrase/private key may end up on swap at some
point; or set the program set-uid root, and accept that any security
problems in gpg (before the point where it drops privileges) could result
in your root account being compromised (and the gpg binary being replaced
with another one that e-mails your passphrase around the globe).

The correct solution depends on how paranoid you are, who has access to
your box, etc.
 
>   If any of you have encountered this problem, and would like
>   to offer some help &| advice, you have a captive audience
>   of at least one, me!

Most of this was explained in the FAQ that you posted, I'm not entirely
sure how you didn't understand it, but possibly it's badly worded and I
just intuitively understand it because I know the answer already.


-- 
David Taylor
davidt at yadt.co.uk
"The future just ain't what it used to be"
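
The sequence the quoted FAQ describes (lock memory while still privileged, then drop root, and warn if locking was refused), as an added C example that is not code from GnuPG or from this thread. The helper names secret_alloc, drop_privileges and secret_free are hypothetical.

```c
#define _DEFAULT_SOURCE           /* exposes MAP_ANON on glibc; harmless elsewhere */
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: map whole pages for secrets and try to mlock() them.
 * *locked is 1 if the pages are pinned in RAM, 0 if the kernel refused
 * (the case gpg reports as "using insecure memory"). */
static void *secret_alloc(size_t len, size_t *maplen, int *locked)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    *maplen = (len + page - 1) / page * page;
    void *p = mmap(NULL, *maplen, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    *locked = (mlock(p, *maplen) == 0);
    return p;
}

/* Give up set-uid root for good; 0 means root can no longer be regained. */
static int drop_privileges(void)
{
    uid_t ruid = getuid();
    if (geteuid() == ruid)
        return 0;                       /* not running set-uid: nothing to drop */
    if (setuid(ruid) != 0)
        return -1;
    return (setuid(0) == 0) ? -1 : 0;   /* regaining root must fail now */
}

static void secret_free(void *p, size_t maplen)
{
    volatile unsigned char *v = p;
    for (size_t i = 0; i < maplen; i++)
        v[i] = 0;                       /* wipe before the pages are released */
    munlock(p, maplen);
    munmap(p, maplen);
}

int main(void)
{
    size_t maplen; int locked;
    char *key = secret_alloc(64, &maplen, &locked);  /* lock while privileged */
    if (key == NULL || drop_privileges() != 0)
        return 1;
    if (!locked)
        fprintf(stderr, "warning: using insecure memory\n");
    /* ... key material would be read into key[] here ... */
    secret_free(key, maplen);
    return 0;
}
```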