GPGP is setuid to be able to lock memory pages from being swapped to disk.
GnuPG _is_ setuid
Posted Mar 10, 2007 14:31 UTC (Sat) by evgeny (guest, #774)
Posted Mar 11, 2007 17:51 UTC (Sun) by ekj (guest, #1524)
True, true, one *could* do the former with a C-library, and the latter by piping to a setuid-executable, but most developers would probably consider the two functions related and prefer they both be accessed by the same mechanism.
Posted Mar 11, 2007 21:40 UTC (Sun) by evgeny (guest, #774)
In general, though, the locked-to-RAM pages are more or less a fiction. With the VM stuff entering our life, what an OS believes is RAM might actually be a swap in the host. Ditto for software/hardware suspend etc. All in all, I prefer a clean API over a mess with potential marginal extra security through the locked pages (and much less marginal chances of getting screwed because of potential bugs in gpg being run setuid). Not to mention that e.g. ssh doesn't use mlock so ... why would one worry about gpg specifically?
Posted Mar 12, 2007 10:34 UTC (Mon) by ekj (guest, #1524)
Posted Mar 16, 2007 12:28 UTC (Fri) by robbe (subscriber, #16131)