NetBSD Problem Report #31547

From www@netbsd.org  Mon Oct 10 20:23:20 2005
Return-Path: <www@netbsd.org>
Received: by narn.netbsd.org (Postfix, from userid 31301)
	id 051C163B88F; Mon, 10 Oct 2005 20:23:20 +0000 (UTC)
Message-Id: <20051010202320.051C163B88F@narn.netbsd.org>
Date: Mon, 10 Oct 2005 20:23:20 +0000 (UTC)
From: joel@carnat.net
Reply-To: joel@carnat.net
To: gnats-bugs@netbsd.org
Subject: gnupg needs setuid-bit on Linux
X-Send-Pr-Version: www-1.0

>Number:         31547
>Category:       pkg
>Synopsis:       gnupg needs setuid-bit on Linux
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    linux-pkg-people
>State:          closed
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Oct 10 20:24:00 +0000 2005
>Closed-Date:    Tue Jun 19 11:29:53 +0000 2018
>Last-Modified:  Tue Jun 19 11:29:53 +0000 2018
>Originator:     Joel CARNAT
>Release:        none, using Slackware Linux
>Organization:
-
>Environment:
Linux atheria 2.4.31 #2 Mon Oct 10 08:35:45 CEST 2005 i686 unknown unknown GNU/Linux

>Description:
Installing security/gnupg on Slackware 10.2, I faced the "gpg: Warning: using insecure memory!" bug (http://www.gnupg.org/documentation/faqs.html#q6.1).
>How-To-Repeat:
Install security/gnupg (gnupg-1.4.2) on Linux (2.4.31, slackware 10.2).
Use it.
See it complain.
>Fix:
# ll /usr/pkg/bin/gpg
-r-xr-xr-x  1 root root 772K 2005-10-10 22:07 /usr/pkg/bin/gpg*

# sudo chmod +s /usr/pkg/bin/gpg

# ll /usr/pkg/bin/gpg
-r-sr-sr-x  1 root root 772K 2005-10-10 22:07 /usr/pkg/bin/gpg*

Now it works OK.
PS: I only use it to sign my mail. I didn't check encryption.

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: pkg-manager->linux-pkg-people
Responsible-Changed-By: reed@netbsd.org
Responsible-Changed-When: Tue, 11 Oct 2005 14:53:43 +0000
Responsible-Changed-Why:
Assigned to developers who help with Linux for pkgsrc.
Gentoo installs this as setuid root.


Responsible-Changed-From-To: linux-pkg-people->rillig
Responsible-Changed-By: joerg@netbsd.org
Responsible-Changed-When: Wed, 27 Dec 2006 21:58:26 +0000
Responsible-Changed-Why:
Please add a message to describe why setuid might be wanted
and why not.


From: joel@carnat.net
To: gnats-bugs@NetBSD.org
Cc: rillig@netbsd.org, linux-pkg-people@netbsd.org,
	pkgsrc-bugs@netbsd.org, gnats-admin@netbsd.org, joerg@netbsd.org
Subject: Re: pkg/31547 (gnupg needs setuid-bit on Linux)
Date: Thu, 28 Dec 2006 02:11:52 +0100 (CET)

 I don't know what is right on NetBSD platform, but what the FAQ says is:

 6.1  Why do I get "gpg: Warning: using insecure memory!"
 On many systems this program should be installed as setuid(root). This is
 necessary to lock memory pages. Locking memory pages prevents the
 operating system from writing them to disk and thereby keeping your secret
 keys really secret. If you get no warning message about insecure memory
 your operating system supports locking without being root. The program
 drops root privileges as soon as locked memory is allocated.
 ...
 If you can't or don't want to install GnuPG setuid(root), you can use the
 option "--no-secmem-warning"

 hope it helps.

 Le Mer 27 décembre 2006 22:58, joerg@netbsd.org a écrit :
 > Synopsis: gnupg needs setuid-bit on Linux
 >
 >
 > Responsible-Changed-From-To: linux-pkg-people->rillig
 > Responsible-Changed-By: joerg@netbsd.org
 > Responsible-Changed-When: Wed, 27 Dec 2006 21:58:26 +0000
 > Responsible-Changed-Why:
 > Please add a message to describe why setuid might be wanted
 > and why not.
 >

From: Joerg Sonnenberger <joerg@britannica.bec.de>
To: joel@carnat.net
Cc: gnats-bugs@NetBSD.org, rillig@netbsd.org,
	linux-pkg-people@netbsd.org, pkgsrc-bugs@netbsd.org,
	gnats-admin@netbsd.org, joerg@netbsd.org
Subject: Re: pkg/31547 (gnupg needs setuid-bit on Linux)
Date: Thu, 28 Dec 2006 00:14:59 +0100

 On Thu, Dec 28, 2006 at 02:11:52AM +0100, joel@carnat.net wrote:
 > I don't know what is right on NetBSD platform, but what the FAQ says is:
 > 
 > 6.1  Why do I get "gpg: Warning: using insecure memory!"
 > On many systems this program should be installed as setuid(root). This is
 > necessary to lock memory pages. Locking memory pages prevents the
 > operating system from writing them to disk and thereby keeping your secret
 > keys really secret. If you get no warning message about insecure memory
 > your operating system supports locking without being root. The program
 > drops root privileges as soon as locked memory is allocated.
 > ...
 > If you can't or don't want to install GnuPG setuid(root), you can use the
 > option "--no-secmem-warning"

 You can also disable the warning in the config file. Explaining why it
 might be wanted or not is what I want to see in the man page.

 On NetBSD, for example, there's a normal rlimit on the number of
 locked pages; unless you go over that limit you don't need setuid at
 all.

 Joerg

From: joel@carnat.net
To: "Joerg Sonnenberger" <joerg@britannica.bec.de>
Cc: gnats-bugs@netbsd.org, rillig@netbsd.org,
	linux-pkg-people@netbsd.org, pkgsrc-bugs@netbsd.org,
	gnats-admin@netbsd.org, joerg@netbsd.org
Subject: Re: pkg/31547 (gnupg needs setuid-bit on Linux)
Date: Thu, 28 Dec 2006 12:27:25 +0100 (CET)

 I don't have enough technical knowledge to answer.
 All I can say is that the gpg binary required setuid-bit when I tried
 using it on 2.4.31 (slackware 10.2) and that it doesn't anymore on
 2.6.11.12-xenU (slackware 10.2 as a NetBSD/xen domU).

 Maybe it just had something to do with memory management on 2.4.x kernel
 series.

 Regards,
     Jo

 Le Jeu 28 décembre 2006 00:14, Joerg Sonnenberger a écrit :
 >> If you can't or don't want to install GnuPG setuid(root), you can use
 >> the option "--no-secmem-warning"
 >
 > You can also disable the warning in the config file. Explaining why it
 > might be wanted or not is what I want to see in the man page.
 >
 > On NetBSD, for example, there's a normal rlimit on the number of
 > locked pages; unless you go over that limit you don't need setuid at all.
 >
 > Joerg
 >
 >


Responsible-Changed-From-To: rillig->pkg-manager
Responsible-Changed-By: rillig@NetBSD.org
Responsible-Changed-When: Fri, 20 Nov 2009 11:57:02 +0000
Responsible-Changed-Why:
I cannot handle this anymore.


Responsible-Changed-From-To: pkg-manager->linux-pkg-people
Responsible-Changed-By: obache@NetBSD.org
Responsible-Changed-When: Sat, 21 Nov 2009 01:19:41 +0000
Responsible-Changed-Why:
back to linux-pkg-people


State-Changed-From-To: open->closed
State-Changed-By: maya@NetBSD.org
State-Changed-When: Tue, 19 Jun 2018 11:29:53 +0000
State-Changed-Why:
wontfix. setuid root is needed for linux 2.4.x apparently (according to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453122). making it setuid root for what is now an extremely unlikely use case (someone still using very old linux 2.4.x) is probably a bad idea.
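
Added example (not part of this PR and not GnuPG code): a small C probe for the condition the thread turns on, namely whether the current process can mlock a key-sized buffer within its RLIMIT_MEMLOCK without being setuid root. The 32 KiB pool size and the function names are assumptions chosen for illustration.

```c
/* Added example: can this process lock a secret-key buffer without root? */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

#define POOL_BYTES 32768 /* assumed pool size, not a value from the thread */

/* Pure check: a request above the soft limit cannot be locked unprivileged. */
int exceeds_memlock_limit(rlim_t soft, size_t want)
{
    return soft != RLIM_INFINITY && (rlim_t)want > soft;
}

/* Try to lock `want` bytes; returns 0 on success, else the mlock errno. */
int try_lock_pool(size_t want)
{
    long page = sysconf(_SC_PAGESIZE);
    void *buf = NULL;
    int err = 0;

    if (page <= 0 || posix_memalign(&buf, (size_t)page, want) != 0)
        return ENOMEM;
    if (mlock(buf, want) != 0) {
        err = errno;          /* EPERM/ENOMEM/EAGAIN: pages could reach swap */
    } else {
        memset(buf, 0, want); /* stand-in for key use; wipe before unlocking */
        munlock(buf, want);
    }
    free(buf);
    return err;
}

int main(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0) { perror("getrlimit"); return 2; }
    int err = try_lock_pool(POOL_BYTES);
    printf("euid=%d soft RLIMIT_MEMLOCK=%llu over_limit=%d mlock=%s\n",
           (int)geteuid(), (unsigned long long)rl.rlim_cur,
           exceeds_memlock_limit(rl.rlim_cur, POOL_BYTES),
           err ? strerror(err) : "ok");
    return err ? 1 : 0;
}
```

An exit status of 0 from an unprivileged account means the buffer was locked with no setuid bit involved; a non-zero status names the errno that a setuid install would be working around.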


>Unformatted:

Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.