On Sat, 13 Nov 2010 14:58, r...@debian.org said: > I disagree. This puts an additional burden on the user. Adding SUID
I can't see why encrypting the swap puts an additional burden on the user or on the machine. If you need to swap/page something you are in either of these situations: - The process is idle for a long time. Thus there should be no burden to the user regarding the extra time it takes for the system to swap it out. The system is anyway under some stress. - There is a severe memory resource shortage and due to the ongoing swap operations in many processes, the system performance is I/O bounded and the CPU has enough time to do that little symmetric encryption. Even without having done any benchmarks I'd enbale swap encryption by default. > bit doesn't seem like a security problem. Gnupg drops privileges as > soon as it's not needed anymore, and upstream recommends this in > their FAQ. Ahemm, the FAQ. Well that beast is old and hopefully the only unmaintained part of GnuPG. The background for the SUID stuff is that back in 1998 encrypted swap partitions were not widely available and disk encryption on GNU/Linux was not available at all (due to US export restrictions). The manual even states (at least I hope) that you should set the SUID bit only if you see the warning, on modern Linux kernels there is no need for it because any process may mlock a few pages which is sufficient. With an encrypted swap partition all stuff could be much much easier. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
