Possible bug: unable to lock memory with libgcrypt 1.7.4 on macOS Sierra 10.12.1

Adam Liter io at adamliter.org
Sun Dec 11 02:08:52 CET 2016


Hello,

I think there might be a bug with libgcrypt 1.7.4 with regard to locking 
memory on macOS Sierra 10.12.1. Today, the package manager Homebrew 
bumped to libgcrypt version 1.7.4 (see here: 
https://github.com/Homebrew/homebrew-core/commit/06820e6fb69114fe33b06a2b2b571f73bb828caf)

After updating my installed packages with Homebrew, I'm no longer able 
to use gpg2 with --require-secmem (even if I make the gpg2 binary have 
the setuid root bit flipped, as suggested here: 
https://lists.gnupg.org/pipermail/gnupg-users/1999-August/004024.html):

```

$ /usr/local/Cellar/gnupg2/2.0.30_2/bin/gpg2 --version
gpg (GnuPG) 2.0.30
libgcrypt 1.7.4
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
         CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

$ /usr/local/Cellar/gnupg2/2.0.30_2/bin/gpg2 --require-secmem
Warning: using insecure memory!
gpg: will not run with insecure memory due to --require-secmem

```

On the other hand, I also have a gpg2 binary from the MacGPG Suite, 
which is linked against an older version of libgcrypt, and is able to 
execute when passed the --require-secmem option:

```

$ /usr/local/MacGPG2/bin/gpg2 --version
gpg (GnuPG/MacGPG2) 2.0.30
libgcrypt 1.6.6
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
         CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

$ /usr/local/MacGPG2/bin/gpg2 --require-secmem
gpg: Go ahead and type your message ...
^C
gpg: signal Interrupt caught ... exiting

```

(You can find these same details here: 
http://apple.stackexchange.com/q/264350/85567)

I don't really know anything about the underlying libraries, so I have 
no idea what the bug is, but those are my reasons for thinking that 
there is a bug in the new 1.7.4 version with regard to locking memory in 
macOS 10.12.1.

Thanks for the great software!

Best,

Adam Liter
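
The report above turns on whether the process is allowed to lock memory. As an added example (not part of the original message, and not libgcrypt or GnuPG code), this C probe asks the OS directly whether the current user can mlock() a small page-aligned region, which helps separate an OS or resource-limit restriction from a problem in one particular library build. The 32768-byte size and the names probe_mlock, round_up_to_page and PROBE_POOL_BYTES are assumptions chosen for the probe.

```c
#define _DEFAULT_SOURCE 1 /* glibc: expose MAP_ANON under strict -std modes */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Assumed probe size; a constructed value, not read from libgcrypt. */
#define PROBE_POOL_BYTES 32768

/* Round len up to a whole number of pages, since locking works on pages. */
size_t round_up_to_page(size_t len, size_t page)
{
    return (len + page - 1) / page * page;
}

/* Map, lock, wipe and release len bytes. Returns 0 if mlock() succeeded,
   otherwise the errno of the call that failed (e.g. EPERM, ENOMEM, EAGAIN). */
int probe_mlock(size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t size = round_up_to_page(len, page);
    int err = 0;
    void *pool = mmap(NULL, size, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANON, -1, 0);
    if (pool == MAP_FAILED)
        return errno;
    if (mlock(pool, size) != 0)
        err = errno;            /* the OS refused to pin these pages */
    else {
        memset(pool, 0, size);  /* wipe before unlocking, as a key store would */
        munlock(pool, size);
    }
    munmap(pool, size);
    return err;
}

int main(void)
{
    struct rlimit rl;
    int err = probe_mlock(PROBE_POOL_BYTES);
    if (getrlimit(RLIMIT_MEMLOCK, &rl) == 0)
        printf("RLIMIT_MEMLOCK soft limit: %llu bytes\n",
               (unsigned long long)rl.rlim_cur);
    printf("uid=%d euid=%d mlock(%d bytes): %s\n", (int)getuid(),
           (int)geteuid(), PROBE_POOL_BYTES, err ? strerror(err) : "ok");
    return err ? 1 : 0;
}
```

If the probe reports "ok" for the same user that sees "using insecure memory", the OS permits locking and the difference lies in the binary or the library it is linked against.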


