Re: [Pkg-gnupg-maint] Bug#598471: using insecure memory on GNU/kFreeBSD
On Sunday 14 November 2010 23:35:39 Robert Millan wrote:
> 2010/11/14 Werner Koch:
> >> I don't have time to work on this myself. Unless someone else does,
> >> I'd still recommend adding the SUID bit as a temporary solution.
> >
> > Might be the easiest way until we have proper disk encryption support.
>
> Ok. Thijs, since there were no other objections, would you
> please go with that option?

It's already committed; it will be part of a next upload.

Cheers,
Thijs
Re: [Pkg-gnupg-maint] Bug#598471: using insecure memory on GNU/kFreeBSD
2010/11/14 Werner Koch:
>> I don't have time to work on this myself. Unless someone else does,
>> I'd still recommend adding the SUID bit as a temporary solution.
>
> Might be the easiest way until we have proper disk encryption support.

Ok. Thijs, since there were no other objections, would you
please go with that option?

Thanks

--
Robert Millan
Re: [Pkg-gnupg-maint] Bug#598471: using insecure memory on GNU/kFreeBSD
[ removing 598...@bugs.debian.org as it's not relevant to the bug report anymore ]

2010/11/14 Werner Koch:
> Last weekend I tried to port [geli] but I have a
> lack of understanding how the Debian packages are supposed to work
> together; in particular the kernel headers and the various system
> libraries like libgeom etc.

You basically just need to fetch geli sources by editing freebsd-utils'
debian/rules, then provide a patch to make those sources build, and
figure out if any library or kernel headers are missing.

If libraries are missing they need to be added to Build-Depends field
in debian/control, if kernel headers are missing, just copy them by hand
and file a bug report on kfreebsd-kernel-headers requesting them.

Don't worry if you make a mistake on the Debian side of things, they're
easy to fix. If you have any doubts you're more than welcome to ask.

--
Robert Millan
Re: [Pkg-gnupg-maint] Bug#598471: using insecure memory on GNU/kFreeBSD
On Sat, 13 Nov 2010 21:38, r...@debian.org said:

Yeah, that is a problem. Last weekend I tried to port it but I have a
lack of understanding how the Debian packages are supposed to work
together; in particular the kernel headers and the various system
libraries like libgeom etc.

> For that we're missing a port of "geli" utility, figuring out some init.d

I'd really like to help here because of the g13 tool of GnuPG which I
would like to have support for geli as backend. I even pondered with
the idea of rewriting geli and to integrate it closely into g13. The
lack of documentation in this area makes it not very easy.

> I don't have time to work on this myself. Unless someone else does,
> I'd still recommend adding the SUID bit as a temporary solution.

Might be the easiest way until we have proper disk encryption support.

> P.S. I suggest you update that FAQ ;-)

Will do that. It is easier now because I converted the FAQ to orgmode
and it will not be distributed with GnuPG anymore.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: [Pkg-gnupg-maint] Bug#598471: using insecure memory on GNU/kFreeBSD
2010/11/13 Werner Koch:
> I can't see why encrypting the swap puts an additional burden on the
> user or on the machine.

This depends on whether it's the default setting or not. If it's not,
it definitely does (just the burden of figuring out what the heck is
wrong is already significant for many users).

> Even without having done any benchmarks
> I'd enable swap encryption by default.

I second that. kFreeBSD disk encryption supports generating one-time
keys, which works well for swap:

  geli onetime -s 4096 /dev/something
  swapon /dev/something.eli

For that we're missing a port of "geli" utility, figuring out some init.d
magic that would replace (or integrate with) "swapon -a", and integration
with D-I to set the whole thing up.

I don't have time to work on this myself. Unless someone else does,
I'd still recommend adding the SUID bit as a temporary solution.

What do debian-bsd folks think about this?

P.S. I suggest you update that FAQ ;-)

--
Robert Millan
Re: [Pkg-gnupg-maint] Bug#598471: using insecure memory on GNU/kFreeBSD
On Sat, 13 Nov 2010 14:58, r...@debian.org said:

> I disagree. This puts an additional burden on the user. Adding SUID

I can't see why encrypting the swap puts an additional burden on the
user or on the machine. If you need to swap/page something you are in
either of these situations:

 - The process is idle for a long time. Thus there should be no burden
   to the user regarding the extra time it takes for the system to swap
   it out. The system is anyway under some stress.

 - There is a severe memory resource shortage and due to the ongoing
   swap operations in many processes, the system performance is I/O
   bounded and the CPU has enough time to do that little symmetric
   encryption.

Even without having done any benchmarks I'd enable swap encryption by
default.

> bit doesn't seem like a security problem. Gnupg drops privileges as
> soon as it's not needed anymore, and upstream recommends this in
> their FAQ.

Ahemm, the FAQ. Well that beast is old and hopefully the only
unmaintained part of GnuPG. The background for the SUID stuff is that
back in 1998 encrypted swap partitions were not widely available and
disk encryption on GNU/Linux was not available at all (due to US export
restrictions). The manual even states (at least I hope) that you should
set the SUID bit only if you see the warning, on modern Linux kernels
there is no need for it because any process may mlock a few pages which
is sufficient.

With an encrypted swap partition all stuff could be much much easier.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
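The pattern this message and the quoted FAQ text refer to (lock a small pool with mlock, then give up set-uid root), as an added example that is not GnuPG's code and not part of the original e-mail. `struct secmem` and the three functions are hypothetical names; the pool size and the secret are constructed.

```c
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS */
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

struct secmem {                    /* hypothetical pool for key material */
    void  *base;
    size_t len;
    int    locked;                 /* 1 = pinned in RAM, 0 = may reach swap */
};

/* Map a pool and try to pin it so its pages are never written to swap. */
static int secmem_init(struct secmem *m, size_t len)
{
    m->len = len;
    m->base = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m->base == MAP_FAILED) { m->base = NULL; m->locked = 0; return -1; }
    m->locked = (mlock(m->base, len) == 0);  /* fails if not permitted or over limit */
    return 0;
}

/* Permanently give up set-uid root once the pool has been locked. */
static int drop_privileges(void)
{
    uid_t ruid = getuid();
    if (setuid(ruid) != 0) return -1;
    if (ruid != 0 && setuid(0) == 0) return -1;  /* root came back: not dropped */
    return geteuid() == ruid ? 0 : -1;
}

/* Overwrite the pool before releasing it; volatile keeps the stores. */
static void secmem_wipe(struct secmem *m)
{
    volatile unsigned char *p = m->base;
    for (size_t i = 0; p && i < m->len; i++) p[i] = 0;
    if (m->base) { munlock(m->base, m->len); munmap(m->base, m->len); }
    m->base = NULL;
    m->locked = 0;
}

int main(void)
{
    struct secmem m;
    if (secmem_init(&m, 4 * 4096) != 0 || drop_privileges() != 0) return 1;
    int insecure = !m.locked;      /* caller should warn: secrets may reach swap */
    memcpy(m.base, "constructed-secret", 19);
    secmem_wipe(&m);
    return insecure ? 2 : 0;
}
```

Exit status 2 is the "using insecure memory" case from the subject line: the pool is usable but could not be locked, so only encrypted swap keeps its contents off disk in clear text.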
Re: [Pkg-gnupg-maint] Bug#598471: using insecure memory on GNU/kFreeBSD
On Saturday 13 November 2010 14:58:29 Robert Millan wrote:
> >>> Upstream recommends [2] setting the SUID bit and assures that "the program
> >>> drops root privileges as soon as locked memory is allocated".
> >>
> >> However it is much easier and more secure to enable encrypted swap
> >> space than to use mlock. It seems that gbde and the init scripts are
> >> missing on GNU/kfreebsd.
> >
> > Robert, as I don't have knowledge of GNU/kFreeBSD, can you say whether
> > the suggestion by Werner is indeed a better way to solve this problem?
>
> I disagree. This puts an additional burden on the user. Adding SUID
> bit doesn't seem like a security problem. Gnupg drops privileges as
> soon as it's not needed anymore, and upstream recommends this in
> their FAQ.
>
> (Yes I know Werner is upstream, but if it's still in the FAQ I assume he
> doesn't consider it a bad option)
>
> CC'ing debian-bsd

OK, I'll be applying your patch then in the next upload of gnupg.

Cheers,
Thijs
Re: [Pkg-gnupg-maint] Bug#598471: using insecure memory on GNU/kFreeBSD
2010/11/13 Thijs Kinkhorst:
>>> Upstream recommends [2] setting the SUID bit and assures that "the program
>>> drops root privileges as soon as locked memory is allocated".
>>
>> However it is much easier and more secure to enable encrypted swap
>> space than to use mlock. It seems that gbde and the init scripts are
>> missing on GNU/kfreebsd.
>
> Robert, as I don't have knowledge of GNU/kFreeBSD, can you say whether the
> suggestion by Werner is indeed a better way to solve this problem?

I disagree. This puts an additional burden on the user. Adding SUID
bit doesn't seem like a security problem. Gnupg drops privileges as
soon as it's not needed anymore, and upstream recommends this in
their FAQ.

(Yes I know Werner is upstream, but if it's still in the FAQ I assume he
doesn't consider it a bad option)

CC'ing debian-bsd

--
Robert Millan