insecure memory

ME dugan at passwall.com
Thu Dec 19 22:11:17 PST 2002


These are quick and easy. Then I go back to study. 4 more chapters to
review and 12 hours till final.. :-)

Lorie Obal said:
> I'm working on installing gnupg and I had a couple of questions.
> After running gpg --verify gnupg-1.2.1.tar.gz.sig gnupg-1.2.1.tar.gz.sig
>
> I got: "warning: using insecure memory!"

From the faq.html in the gpg docs dir from source:
[chop]
  6.1) Why do I get "gpg: Warning: using insecure memory!"

   On many systems this program should be installed as setuid(root). This
   is necessary to lock memory pages. Locking memory pages prevents the
   operating system from writing them to disk and thereby keeping your
   secret keys really secret. If you get no warning message about
   insecure memory your operating system supports locking without being
   root. The program drops root privileges as soon as locked memory is
   allocated.

   On UnixWare 2.x and 7.x you should install GnuPG with the 'plock'
   privilege to get the same effect:
        filepriv -f plock /path/to/gpg

   If you can't or don't want to install GnuPG setuid(root), you can use
   the option "--no-secmem-warning" or put
[chop]


> I also had a question about the MD5 checksum.  While I found the info in
>  the howto, the response I got after running it was rather cryptic.  Can
>  anyone shed some light on how you know it is correct?

You are often given an md5checksum for a file or package.
(For this example, I will do this on my copy of v1.0.7 gpg that I compiled)

So, say I was silly and gave a buddy my executable gpg program, but he
wanted to be sure he got the right one. In another trusted channel, I tell
him, the md5 checksum is:
e7069aaa713caea4952f8c22346d13f7

So he gets the file, and on his system he does:
$ md5sum /path/to/the/gpp/he/copied/to/his/system
e7069aaa713caea4952f8c22346d13f7  /usr/local/bin/gpg

The strings (md5 checksums) match, so it is very likely he has the same
file I wanted him to copy - and it is not modified.

If even one bit were different, a different md5sum would result, and he
would guess the file he has is not the one I wanted him to have, or it was
incomplete or damaged, or...

Enjoy!
(Back to studying)

-ME



-- 
  Campus IT(/OS Security): Operating Systems Support Specialist Assistant
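
The page locking described in the FAQ excerpt quoted in this message, as an added example that is not part of the original post and is not GnuPG's own code: it allocates whole pages, tries to pin them with mlock(), and falls back with a warning when the system refuses. The names `secbuf`, `secbuf_alloc` and `secbuf_free` are hypothetical, and a POSIX system with mmap()/mlock() is assumed.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: a page-aligned buffer for key material. */
struct secbuf {
    unsigned char *p;   /* start of the region, NULL on failure */
    size_t len;         /* requested size rounded up to whole pages */
    int locked;         /* 1 if mlock() succeeded, 0 = "insecure memory" */
};

/* Allocate whole pages and try to pin them in RAM so they are never swapped. */
struct secbuf secbuf_alloc(size_t want)
{
    struct secbuf b = { NULL, 0, 0 };
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    b.len = (want + page - 1) / page * page;
    b.p = mmap(NULL, b.len, PROT_READ | PROT_WRITE,
               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b.p == MAP_FAILED) { b.p = NULL; b.len = 0; return b; }
    b.locked = (mlock(b.p, b.len) == 0);
    if (!b.locked)  /* usually EPERM or ENOMEM (RLIMIT_MEMLOCK) when unprivileged */
        fprintf(stderr, "warning: using insecure memory (mlock: %s)\n",
                strerror(errno));
    return b;
}

/* Wipe the secret before the pages are unlocked and returned to the OS. */
void secbuf_free(struct secbuf *b)
{
    if (!b->p) return;
    volatile unsigned char *v = b->p;   /* volatile so the wipe is not optimized out */
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
    if (b->locked) munlock(b->p, b->len);
    munmap(b->p, b->len);
    b->p = NULL; b->len = 0; b->locked = 0;
}

int main(void)
{
    struct secbuf key = secbuf_alloc(32);   /* room for a 32-byte key */
    if (!key.p) return 1;
    printf("locked=%d len=%zu\n", key.locked, key.len);
    secbuf_free(&key);
    return 0;
}
```

Whether the lock succeeds without root depends on the system's locked-memory limit (`ulimit -l` on most shells), which matches the FAQ's remark that some operating systems support locking without being root.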




