Insecure memory (and SUID)?

Printable View

10-03-2007, 02:23 AM
unix

Insecure memory (and SUID)?

I keep getting the insecure memory warning:

% gpg --list-keys
gpg: WARNING: using insecure memory!
gpg: please see [url]http://www.gnupg.org/faq.html[/url] for more information

but I've set it SUID
-rwsr-xr-x 1 root root 2543216 2004-02-26 01:34 /usr/local/bin/gpg*

% gpg --version
gpg (GnuPG) 1.2.2-rc1-SuSE
Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160
Compress: Uncompressed, ZIP, ZLIB

% uname -a
Linux host 2.4.20 #3 Tue Jun 10 02:16:55 EST 2003 i686 unknown unknown GNU/Linux

Anyone know what's going on?

-jason
10-03-2007, 02:23 AM
unix

Re: Insecure memory (and SUID)?

[email]usenet.9.jvarsoke@spamgourmet.com[/email] (JVarsoke) writes:
[color=blue]
> I keep getting the insecure memory warning:
>
> % gpg --list-keys
> gpg: WARNING: using insecure memory!
> gpg: please see [url]http://www.gnupg.org/faq.html[/url] for more information
>
> but I've set it SUID
> -rwsr-xr-x 1 root root 2543216 2004-02-26 01:34 /usr/local/bin/gpg*[/color]

How'd that thing get so big?

billyoc@dps11:~$ ls -l /usr/bin/gpg
-rwsr-xr-x 1 root root 644716 Jan 20 12:37 /usr/bin/gpg

Are you sure you don't have another binary in the $PATH? I've only
ever seen this message running my local cvs copy.
10-03-2007, 02:23 AM
unix

Re: Insecure memory (and SUID)?

Billy O'Connor <billyoc@gnuyork.org> wrote in message news:<87wu682jrp.fsf@dps11.gnuyork.org>...[color=blue]
> [email]usenet.9.jvarsoke@spamgourmet.com[/email] (JVarsoke) writes:
>[color=green]
> > I keep getting the insecure memory warning:[/color][/color]
[color=blue]
> How'd that thing get so big?[/color]

no idea, that's what I compiled.
[color=blue]
>
> billyoc@dps11:~$ ls -l /usr/bin/gpg
> -rwsr-xr-x 1 root root 644716 Jan 20 12:37 /usr/bin/gpg
>
> Are you sure you don't have another binary in the $PATH? I've only
> ever seen this message running my local cvs copy.[/color]

ah! yes, you are right. Weird, didn't know my distro installed a copy
of this in /usr/bin/gpg (which of course is not SUID root). Thanks.

-jason
10-03-2007, 02:24 AM
unix

Re: Insecure memory (and SUID)?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[email]usenet.9.jvarsoke@spamgourmet.com[/email] (JVarsoke) writes:
[color=blue]
>Billy O'Connor <billyoc@gnuyork.org> wrote in message news:<87wu682jrp.fsf@dps11.gnuyork.org>...[color=green]
>> [email]usenet.9.jvarsoke@spamgourmet.com[/email] (JVarsoke) writes:
>>[color=darkred]
>> > I keep getting the insecure memory warning:[/color][/color][/color]
[color=blue][color=green]
>> How'd that thing get so big?[/color][/color]
[color=blue]
>no idea, that's what I compiled.[/color]

Maybe try "strip gpg" to remove debugging symbols (unless you want
them to be there).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SunOS)

iD8DBQFAQMzyvmGe70vHPUMRAn0WAJkBK1KFNaJwFwn8PIhceePH4E2aegCg0qm5
RiT7i9Yaubsdy4dhSQxNzgI=
=GPSL
-----END PGP SIGNATURE-----