FreeBSD Memory Pages Not Locked?

Jason Stone freebsd-performance at
Wed Apr 16 17:10:14 PDT 2003

Hash: SHA1

>   I recently installed "gpnupg" from the ports collection and
>   upon running it (after the key generation), I found myself
>   seeing the following error:
>   gpg: Warning: using insecure memory!

1) This is a question for freebsd-security, not freebsd-performance

2) Yes, freebsd does support locking pages in memory with mlock, but only
root can call mlock.  If you make gpg setuid root (chmod 4111 `which gpg`)
then it will be able to mlock and the warning will go away.

However, you must decide if that is a good security practice, because now
bugs in gpg can be used to gain root on that machine, and if an attacker
gains root, he gain just sniff your tty and get your passphrase next time
you enter it.  Additionally, other programs on the machine do not mlock
sensitive data into core (think login, sshd, ssh-agent, etc), so you're
already vulnerable to having sensitive data retrieved from swap.

If having sensitive data retrieved from swap is really a concern for you,
run freebsd-5 and use gbde to encrypt your whole swap partition.

3) Or, just add "no-secmem-warning" to your ~/.gnupg/options to silence
the warning.  It's really unlikely that an attack on unencrypted data in
swap will ever affect you.


 Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
 that he was insufficiently fondled when he was an infant.
	-- Ashley Montagu
Version: GnuPG v1.2.1 (FreeBSD)
Comment: See


More information about the freebsd-performance mailing list