"Insecure memory" (yes setuid set) and "get_passphrase failed"
Werner Koch
wk at gnupg.org
Tue Sep 5 09:06:22 CEST 2017
On Tue, 5 Sep 2017 02:45, marioxcc.MT at yandex.com said:
> Are you sure that this is required in Solaris? At least in Debian
> GNU/Linux there is no need to setuid the gpg binary to root. Root setuid
> programs are a security problem. If an attacker can get control of this
> program, he can operate with root privileges.
Actually gpg drops suid right after initializing memory and has several
checks to make sure that it has been dropped. Any, I would ignore that
problem for now. If the diagnostics is annoying
no-secmem-warning
in gpg.conf can be used.
For the other problem I noticed that the gpg binary is pretty small and
thus I assume gpg is some kind of wrapper script. Mote information on
the installation is needed, in particular the gnupg versions and how it
was build.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: </pipermail/attachments/20170905/5dfe0781/attachment.sig>
More information about the Gnupg-users
mailing list