At Tue, 19 Aug 2014 23:41:22 +0200,
Werner Koch wrote:
> On older Linux kernels you had to install gpg suid(root) to allow
> mlock() to work (gpg will drop the permissions right after allocating
> and locking the memory). Recent Linux kernels grant each process a
> certain amount of mlock()-able memory without root permissions. I am
> not sure about the current status on BSD kernels and frankly I tend to
> ignore the warning or use no-secmem-warning in my gpg.conf. Encrypted
> swap is anyway a better protection.

According to the FreeBSD manpages, FreeBSD 10 allows mlock/munlock by
unprivileged users by default (security.bsd.unprivileged_mlock=1).
But the current stable kFreeBSD kernel is version 9, and it does not have
such a function.

--
% sudo sysctl security.bsd.unprivileged_mlock
security.bsd.unprivileged_mlock: 1
% gpg -v
gpg: Go ahead and type your message ...
^C
gpg: signal Interrupt caught ... exiting
% sudo sysctl security.bsd.unprivileged_mlock=0
security.bsd.unprivileged_mlock: 1 -> 0
% gpg -v
Warning: using insecure memory!
gpg: Go ahead and type your message ...
^C
gpg: signal Interrupt caught ... exiting
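
Added example, not part of the original message and not gpg's own code: a small probe that reports whether the current user may mlock() memory, which is the condition behind the warning in the session above. The names probe_mlock and mlock_verdict, the verdict strings and the 32 KiB probe size are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Try to mlock() `len` bytes as the calling (unprivileged) user.
 * Returns 0 on success, otherwise the errno that explains the failure. */
int probe_mlock(size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *raw = malloc(len + page);
    if (raw == NULL)
        return ENOMEM;
    /* Round up to a page boundary; some kernels require aligned addresses. */
    void *p = (void *)(((uintptr_t)raw + page - 1) & ~(uintptr_t)(page - 1));
    int err = (mlock(p, len) == 0) ? 0 : errno;
    if (err == 0)
        munlock(p, len);
    free(raw);
    return err;
}

/* Hypothetical helper: turn the probe result into a short diagnosis. */
const char *mlock_verdict(int err)
{
    switch (err) {
    case 0:      return "ok: unprivileged mlock works";
    case EPERM:  return "denied: unprivileged mlock not permitted";
    case ENOMEM:
    case EAGAIN: return "limit: locked-memory limit exceeded";
    default:     return "error: unexpected mlock failure";
    }
}

int main(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) == 0) {
        if (rl.rlim_cur == RLIM_INFINITY)
            puts("RLIMIT_MEMLOCK: unlimited");
        else
            printf("RLIMIT_MEMLOCK: %llu bytes\n", (unsigned long long)rl.rlim_cur);
    }
    int err = probe_mlock(32768);   /* constructed probe size, 32 KiB */
    printf("mlock(32 KiB): %s (errno %d)\n", mlock_verdict(err), err);
    return err == 0 ? 0 : 1;
}
```

Run it as the same user that runs gpg; per the FreeBSD mlock(2) manpage, EPERM is the result when security.bsd.unprivileged_mlock is 0 and the caller is not the super-user.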