2010/11/13 Thijs Kinkhorst <th...@debian.org>: >>> Upstream recommends [2] setting the SUID bit and assures that "the >>> program >>> drops root privileges as soon as locked memory is allocated". >> >> However it is much easier and more secure to enable encrypted swap >> space than to use mlock. It seems that gbde and the init scripts are >> missing on GNU/kfreebsd. > > Robert, as I don't have knowledge of GNU/kFreeBSD, can you say whether the > suggestion by Werner is indeed a better way to solve this problem?
I disagree. This puts an additional burden on the user. Adding SUID bit doesn't seem like a security problem. Gnupg drops privileges as soon as it's not needed anymore, and upstream recommends this in their FAQ. (Yes I know Werner is upstream, but if it's still in the FAQ I assume he doesn't consider it a bad option) CC'ing debian-bsd -- Robert Millan -- To UNSUBSCRIBE, email to debian-bsd-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktinityc3mrmwg1jrybyzuu8fn7ezueahy9r8c...@mail.gmail.com
