gpg installed without setuid root
Bug #184751 reported by foo
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Nexenta Operating System | Won't Fix | Medium | Tim Spriggs |
Bug Description
GPG isn't installed setuid root by default:
$ ls -l `which gpg`
-rwxr-xr-x 1 root root 716408 May 12 2006 /usr/bin/gpg
This causes the following warning:
$ gpg
gpg: WARNING: using insecure memory!
gpg: please see http://
$ apt-cache show gnupg | grep -i version
Version: 1.4.2.2-1nexenta3
Note: the original reporter indicated the bug was in package 'gnupg'; however, that package was not published in Nexenta Operating System.
The Debian package intentionally does not set this program as SUID root. Linux platforms allow users to lock small amounts of system memory which makes the SUID bit unnecessary. The closest possibility under Solaris seems to involve RBAC and the proc_lock_memory privilege:
% ppriv -lv proc_lock_memory
proc_lock_memory
Allows a process to lock pages in physical memory.
Setting this binary as SUID root when upstream does not may be a bad idea since root exploits may not be closely tracked. I am interested to hear if there is a better idea on how to implement this without suid and potentially using Solaris mechanisms like RBAC.
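An added example, not part of the bug report and not gpg's code: a small C check of whether the current unprivileged user can pin a buffer in RAM with `mlock()`, which is the condition behind the "using insecure memory" warning discussed above. The function names and the buffer size are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

enum lock_result { LOCK_ERROR = -1, LOCK_DENIED = 0, LOCK_OK = 1 };

/* Soft RLIMIT_MEMLOCK in bytes (LLONG_MAX if unlimited), -1 on failure. */
long long memlock_soft_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0)
        return -1;
    return rl.rlim_cur == RLIM_INFINITY ? LLONG_MAX : (long long)rl.rlim_cur;
}

/* Pin a page-aligned buffer of at least len bytes with mlock(), wipe it,
 * then release it. LOCK_DENIED means the memory could be swapped out, the
 * case gpg warns about; *err_out (optional) receives mlock's errno. */
enum lock_result try_secure_buffer(size_t len, int *err_out)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len == 0)
        return LOCK_ERROR;
    size_t size = (len + (size_t)page - 1) / (size_t)page * (size_t)page;
    unsigned char *buf = aligned_alloc((size_t)page, size);
    if (buf == NULL)
        return LOCK_ERROR;
    enum lock_result res = LOCK_OK;
    if (mlock(buf, size) != 0) {
        if (err_out) *err_out = errno;
        res = LOCK_DENIED;
    } else {
        /* Key material would live here; wipe it before unlocking. */
        volatile unsigned char *p = buf;
        for (size_t i = 0; i < size; i++) p[i] = 0;
        munlock(buf, size);
    }
    free(buf);
    return res;
}

int main(void)
{
    int err = 0;
    printf("RLIMIT_MEMLOCK soft limit: %lld bytes\n", memlock_soft_limit());
    enum lock_result r = try_secure_buffer(4096, &err); /* constructed size */
    if (r == LOCK_OK) puts("locked without root");
    else printf("not locked (errno %d)\n", err);
    return r == LOCK_ERROR;
}
```

Run as the ordinary user who would invoke gpg; a "not locked" result means that user has neither the resource limit nor the privilege to lock pages.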