GPG insecure memory

Just a quick note to record the answer to a question that’s been bugging me for quite a while:

% gpg --list-keys 64EBE220  
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
pub   1024D/64EBE220 2006-11-11 [expires: 2009-11-10]
uid                  Dag-Erling Smørgrav 
uid                  Dag-Erling Smørgrav 
uid                  [jpeg image of size 3315]

The textbook solution is to chmod u+s =gpg, but this doesn’t always work on FreeBSD (especially on amd64). The reason is that the default limit on wired pages (which includes the unified buffer cache) is too low. It is initialized at boot time to approximately one-third of system memory. Increasing it to, say, half your system memory should fix the GnuPG issue:

% sudo sysctl vm.max_wired=524288
vm.max_wired: 333091 -> 524288

Remember that vm.max_wired is in pages, not in bytes. On i386 and amd64, a page is 4096 bytes, so the above allows for up to 2 GB of wired memory.
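
The warning means gpg could not lock its memory against being swapped out, so the probe below (an added example, not from the original post or from GnuPG) makes the same kind of request directly: it tries to mlock() a few pages, returns the errno on failure, and converts a vm.max_wired page count to bytes. The function names and the 8-page probe size are assumptions chosen for illustration.

```c
/* Added example: check whether this process can wire (mlock) memory. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* vm.max_wired is counted in pages; convert a page count to bytes. */
unsigned long long wired_pages_to_bytes(unsigned long long pages, long page_size)
{
    return pages * (unsigned long long)page_size;
}

/* Try to wire `len` bytes (must be a multiple of the page size).
 * Returns 0 on success, otherwise the errno reported by the failure. */
int probe_mlock(size_t len)
{
    long page = sysconf(_SC_PAGESIZE);
    void *buf = aligned_alloc((size_t)page, len);
    if (buf == NULL)
        return ENOMEM;
    int err = (mlock(buf, len) == 0) ? 0 : errno;
    if (err == 0) {
        memset(buf, 0, len);            /* touch the locked pages */
        munlock(buf, len);
    }
    free(buf);
    return err;
}

int main(void)
{
    long page = sysconf(_SC_PAGESIZE);
    size_t len = 8 * (size_t)page;      /* assumed probe size: 8 pages */
    struct rlimit rl;

    if (getrlimit(RLIMIT_MEMLOCK, &rl) == 0 && rl.rlim_cur != RLIM_INFINITY)
        printf("RLIMIT_MEMLOCK: %llu bytes\n", (unsigned long long)rl.rlim_cur);
    printf("vm.max_wired=524288 at %ld-byte pages: %llu bytes\n",
           page, wired_pages_to_bytes(524288ULL, page));

    int err = probe_mlock(len);
    if (err != 0) {
        printf("mlock(%zu bytes) failed: %s\n", len, strerror(err));
        return 1;
    }
    printf("mlock(%zu bytes) succeeded\n", len);
    return 0;
}
```

FreeBSD's mlock(2) documents EAGAIN for a request that would exceed the system-wide limit on locked memory; strerror(EAGAIN) is the "Resource temporarily unavailable" text.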

2 thoughts on “GPG insecure memory”

  1. This will also fix the «locking SHMFILE in core failed: Resource temporarily unavailable» warning that Varnish emits during startup.
